Introduction



In mathematics, one cannot just assert what one wishes: each assertion must be justified by a proof. A proof is a sequence of assertions, each produced from the previous ones by deduction rules. The deduction rules are thus the "rules of the game" that mathematicians play. Euclid's Elements (IIIrd century B.C.) are usually considered as the first systematic mathematical development where each assertion is justified by a proof. However, the precise definition of the notion of proof has only been formulated at the beginning of the XXth century.

Having a precise definition of the notion of proof, and not just an informal idea of what a correct proof is, is important in several respects. First, since the middle of the XXth century, proofs have been used not only by mathematicians but also by computerized proof processing systems, such as proof checkers and proof search systems, and designing such a system requires a precise definition of the notion of proof.

Having a precise definition of the notion of proof is also necessary to solve some problems about proofs. This is what proof theory is about. A first type of result that proof theory permits to prove is the independence result: a result asserting that some proposition cannot be proved in some theory, for instance that the axiom of parallels cannot be proved from the other axioms of geometry.

But proof theory is not concerned only with the provable propositions, but also with the structure of proofs themselves, for instance with the comparison of different proofs of the same theorem. One key notion in proof theory is that of canonical or cut free proof. Such proofs are the most direct ones one can give. For instance, if we first prove two propositions $A$ and $B$, then deduce the proposition $A \wedge B$ ($A$ and $B$) and at last the proposition $A$, we build a proof that is not canonical, because it contains an unnecessary detour through the proposition $A \wedge B$, which has nothing to do with the problem. Such a detour is called a cut. The main results we prove in these course notes are that in some cases such cuts can be eliminated, and thus that all provable propositions have canonical proofs. Moreover, non canonical proofs can be transformed into canonical ones in an algorithmic way.

From a philosophical point of view, these results show that proving a theorem does not require the use of ideas external to the statement of the theorem, or more precisely that the use of these external ideas can be controlled in a precise way. Another application of cut elimination is that studying the structure of canonical proofs permits to show that some propositions have no canonical proofs. Hence, from the cut elimination theorem, we can deduce that they have no proof at all. We get this way independence results. Cut elimination is also used to reduce dramatically the search space of proof search algorithms, by restricting the search to canonical proofs. Finally, cut elimination permits to prove the witness property for constructive proofs, i.e. that each time we have a proof of a special form of the existence of an object verifying a property $P$, there is also a mathematical object, called a witness, for which the property $P$ can be proved to hold. Moreover, with the cut elimination algorithm, a description of this object can be computed from the proof. This allows us to use mathematics as a programming language: the cut elimination process is the execution process of this programming language.



Chapter 1 

Predicate Logic 



1.1 Languages 

A language permits to designate things (the Moon, the number 2, the set of even numbers, ...) and to express facts (the Moon is a satellite of the Earth, the number 2 is a member of the set of even numbers, the set of even numbers is infinite, ...). A phrase that designates a thing is called a term, one that expresses a fact is called a proposition.

The easiest way to designate a thing is to use an individual symbol (also called a proper name) such as "2". Thus, a language contains individual symbols, and individual symbols are terms. But, if we want to be able to designate an infinite number of objects with a finite number of symbols, we cannot give a proper name to each object. Thus, a language must contain another kind of symbols, called function symbols. A function symbol alone is not a term, but it permits to construct a term when it is applied to already constructed terms. For instance, with the individual symbol $0$ and the function symbol $Su$ (for "successor") we can designate all the natural numbers. The number zero is designated by the term $0$, the number one by the term $Su(0)$ obtained by applying the function symbol $Su$ to the term $0$, the number two by the term $Su(Su(0))$, ... Some function symbols must be applied to several arguments to construct a term, for instance the symbol $+$ must be applied to two arguments. The function symbol $+$ is said to have two arguments, while the symbol $Su$ is said to have one argument. Individual symbols can be seen as special function symbols that have zero arguments.

The simplest way to form a proposition is to apply a predicate symbol to one or several terms. For instance, we can form this way the proposition

$$\mathit{satellite}(\mathit{Moon}, \mathit{Earth})$$

that expresses that the Moon is a satellite of the Earth. Thus, a language contains predicate symbols. The predicate symbol $\mathit{satellite}$, that must be applied to two terms to form a proposition, is said to have two arguments. A proposition formed by application of a predicate symbol to terms is called atomic. More propositions can be formed with the connectors $\neg$ (not), $\wedge$ (and), $\vee$ (or) and $\Rightarrow$ (implies). It is also convenient to consider the propositions $\top$ (truth) and $\bot$ (falsity). We can for instance form this way the proposition

$$\mathit{prime}(Su(Su(0))) \wedge \neg \mathit{prime}(Su(Su(Su(Su(0)))))$$

that expresses that the number two is prime and that the number four is not.

A last construction is needed for propositions such as "all men are mortal" or "some number is prime", where we express that all objects verify some predicate or that some object verifies some predicate, without making this object explicit. We could introduce symbols $\mathit{all}$ and $\mathit{some}$ and let them replace a term as an argument of a predicate symbol or a function symbol. For instance we would write

$$\mathit{prime}(\mathit{some})$$

to express that some number is prime, in the same way that we write

$$\mathit{prime}(Su(Su(0)))$$

to express that the number two is prime. But such a construction is ambiguous. Indeed, the proposition

$$\mathit{some} > \mathit{all}$$

may express that for all numbers there is some greater number (which is true) but also that there is some number greater than all numbers (which is false). A more precise construction is to apply the predicate symbol to a variable and to indicate in a second step whether this variable is universal or existential, with a quantifier $\forall$ (for all) or $\exists$ (there exists). The fact that some number is prime is then expressed

$$\exists x\ \mathit{prime}(x)$$

The order in which these quantifiers are applied permits to resolve the ambiguities. The fact that for all numbers there is some greater number is expressed by the proposition

$$\forall x\ \exists y\ (y > x)$$

while the fact that some number is greater than all numbers (which is false) is expressed by the proposition

$$\exists y\ \forall x\ (y > x)$$

Among all the symbols used to form terms and propositions, some are the same in all languages: the connectors $\top$, $\bot$, $\neg$, $\wedge$, $\vee$ and $\Rightarrow$, the quantifiers $\forall$ and $\exists$ and the variables, while the function symbols (including the individual symbols) and the predicate symbols are specific to a given language. For instance the symbol $\mathit{Moon}$ is used in the language of astronomy, but not in the language of geometry.
1.1.1 Terms and propositions

Definition 1.1.1 (Language) A language is a set of function symbols and 
a set of predicate symbols. To each symbol is associated a number, called its 
number of arguments. 

Definition 1.1.2 (Term) Let $\mathcal{L}$ be a language and $\mathcal{V}$ be an infinite set whose elements are called variables. The terms of the language $\mathcal{L}$ with variables $\mathcal{V}$ are defined by the following rules

• if $x$ is a variable then the tree whose root is labeled by $x$ and that has no sub-tree is a term,

• if $f$ is a function symbol of $n$ arguments and $t_1, \ldots, t_n$ are terms then the tree whose root is labeled by $f$ and whose sub-trees are $t_1, \ldots, t_n$ is a term.

Definition 1.1.3 (Proposition) Let $\mathcal{L}$ be a language and $\mathcal{V}$ be an infinite set. The propositions of the language $\mathcal{L}$ with variables $\mathcal{V}$ are defined by the following rules

• if $P$ is a predicate symbol of $n$ arguments and $t_1, \ldots, t_n$ are terms then the tree whose root is labeled by $P$ and whose sub-trees are $t_1, \ldots, t_n$ is a proposition,

• the trees whose root is labeled by $\top$ or $\bot$ and that have no sub-tree are propositions,

• if $A$ is a proposition then the tree whose root is labeled by $\neg$ and whose sub-tree is $A$ is a proposition,

• if $A$ and $B$ are propositions then the trees whose root is labeled by $\wedge$, $\vee$ or $\Rightarrow$ and whose sub-trees are $A$ and $B$ are propositions,

• if $A$ is a proposition and $x$ a variable then the trees whose root is labeled by $\forall x$ or $\exists x$ and whose sub-tree is $A$ are propositions.

Remark. In several places, we shall use the notation $A \Leftrightarrow B$. There is no connector $\Leftrightarrow$ in our definition of the notion of proposition. Thus the proposition $A \Leftrightarrow B$ is just a notation for the proposition $(A \Rightarrow B) \wedge (B \Rightarrow A)$.

Example 1.1.1 If $=$ is a predicate symbol of two arguments, $+$ a function symbol of two arguments, $0$ a function symbol of zero arguments (i.e. an individual symbol) and $x$ a variable then the tree

          =
         / \
        +   x
       / \
      x   0

is a proposition.
Remark. Terms and propositions have been defined as trees whose nodes are labeled by symbols. Some authors prefer to define terms and propositions as strings, i.e. as sequences of symbols. The proposition of example 1.1.1 would then be written

$$=(+(x,0),x)$$

or

$$x + 0 = x$$

This difference is just a matter of taste.

However, the advantage of considering trees instead of strings is that this permits to disregard the shallow properties of expressions: whether $+$ is written before, between or after its arguments, whether parentheses or brackets are used, ... and to focus on the logical structure of expressions.
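As an added illustration, not part of the course notes, here is a Python encoding of Definitions 1.1.1 to 1.1.3: a language is given by the number of arguments of each of its symbols, terms and propositions are trees, a checker verifies that a tree is a term or a proposition of the language (every symbol applied to the right number of sub-trees), and two printers write the same tree in the prefix form and in the infix form mentioned in the remark. The tuple encoding, the names used for the connectors and quantifiers (`and`, `imp`, `forall`, ...) and the sample language are assumptions of this example.

```python
"""Terms and propositions of a first-order language as labelled trees
(Definitions 1.1.1 to 1.1.3).  Added example; the encoding is an assumption:
  - a variable is a Python string, e.g. "x";
  - a symbol applied to sub-trees is a tuple (symbol, child_1, ..., child_n),
    so the individual symbol 0 is the tuple ("0",);
  - connectors and quantifiers use the names in CONNECTORS / QUANTIFIERS."""

# A language (constructed sample): number of arguments of each symbol.
ARITH = {
    "functions": {"0": 0, "Su": 1, "+": 2, "*": 2},
    "predicates": {"=": 2, "prime": 1},
}
CONNECTORS = {"not": 1, "and": 2, "or": 2, "imp": 2, "top": 0, "bot": 0}
QUANTIFIERS = {"forall", "exists"}


def is_term(t, lang):
    """True iff t is a term of lang (any string is a variable leaf)."""
    if isinstance(t, str):
        return True
    if not isinstance(t, tuple) or not t:
        return False
    f, args = t[0], t[1:]
    return (f in lang["functions"]
            and lang["functions"][f] == len(args)
            and all(is_term(a, lang) for a in args))


def is_proposition(p, lang):
    """True iff p is a proposition of lang."""
    if not isinstance(p, tuple) or not p:
        return False
    s, args = p[0], p[1:]
    if s in lang["predicates"]:                # atomic proposition
        return (lang["predicates"][s] == len(args)
                and all(is_term(a, lang) for a in args))
    if s in CONNECTORS:
        return (CONNECTORS[s] == len(args)
                and all(is_proposition(a, lang) for a in args))
    if s in QUANTIFIERS:                       # ("forall", "x", body)
        return (len(args) == 2 and isinstance(args[0], str)
                and is_proposition(args[1], lang))
    return False


INFIX = {"not": "~", "and": "&", "or": "|", "imp": "=>"}


def to_prefix(e):
    """Write the tree in prefix notation, e.g. =(+(x,0),x)."""
    if isinstance(e, str):
        return e
    s, args = e[0], e[1:]
    if s in QUANTIFIERS:
        return f"{s} {args[0]}.{to_prefix(args[1])}"
    if not args:
        return s
    return f"{s}({','.join(to_prefix(a) for a in args)})"


def to_infix(e):
    """Write the same tree with binary symbols between their arguments."""
    if isinstance(e, str):
        return e
    s, args = e[0], e[1:]
    if s in QUANTIFIERS:
        return f"{s} {args[0]} {to_infix(args[1])}"
    if len(args) == 2:
        return f"({to_infix(args[0])} {INFIX.get(s, s)} {to_infix(args[1])})"
    if len(args) == 1:
        return f"{INFIX.get(s, s)}{to_infix(args[0])}"
    return s


# The proposition of Example 1.1.1, x + 0 = x, as the tree rooted at "=".
EXAMPLE_1_1_1 = ("=", ("+", "x", ("0",)), "x")
# prime(Su(Su(0))) and not prime(Su(Su(Su(Su(0))))).
TWO = ("Su", ("Su", ("0",)))
FOUR = ("Su", ("Su", TWO))
PRIME_EXAMPLE = ("and", ("prime", TWO), ("not", ("prime", FOUR)))
# Not a proposition: "+" applied to a single sub-tree.
ILL_FORMED = ("=", ("+", "x"), "x")

if __name__ == "__main__":
    print(to_prefix(EXAMPLE_1_1_1), "|", to_infix(EXAMPLE_1_1_1))
    print(is_proposition(EXAMPLE_1_1_1, ARITH), is_proposition(ILL_FORMED, ARITH))
```

The checker is exactly the inductive definition read as a recursive function: a tree is a term or a proposition only if its root is a symbol of the language (or a connector, quantifier or variable) with the right number of sub-trees, each of which is itself a term or a proposition. The two printers show that prefix and infix strings are only two renderings of one tree.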



1.1.2 Variables and substitutions 

Definition 1.1.4 (Variables) The set of variables of a term (resp. a proposition) is defined by induction over its height as follows

• $\mathit{Var}(x) = \{x\}$,

• $\mathit{Var}(f(t_1, \ldots, t_n)) = \mathit{Var}(t_1) \cup \ldots \cup \mathit{Var}(t_n)$,

• $\mathit{Var}(P(t_1, \ldots, t_n)) = \mathit{Var}(t_1) \cup \ldots \cup \mathit{Var}(t_n)$,

• $\mathit{Var}(\top) = \mathit{Var}(\bot) = \emptyset$,

• $\mathit{Var}(\neg A) = \mathit{Var}(A)$,

• $\mathit{Var}(A \wedge B) = \mathit{Var}(A \vee B) = \mathit{Var}(A \Rightarrow B) = \mathit{Var}(A) \cup \mathit{Var}(B)$,

• $\mathit{Var}(\forall x\ A) = \mathit{Var}(\exists x\ A) = \mathit{Var}(A) \cup \{x\}$.

The set of free variables of a term (resp. a proposition) is defined by induction over its height as follows

• $FV(x) = \{x\}$,

• $FV(f(t_1, \ldots, t_n)) = FV(t_1) \cup \ldots \cup FV(t_n)$,

• $FV(P(t_1, \ldots, t_n)) = FV(t_1) \cup \ldots \cup FV(t_n)$,

• $FV(\top) = FV(\bot) = \emptyset$,

• $FV(\neg A) = FV(A)$,

• $FV(A \wedge B) = FV(A \vee B) = FV(A \Rightarrow B) = FV(A) \cup FV(B)$,

• $FV(\forall x\ A) = FV(\exists x\ A) = FV(A) \setminus \{x\}$.
Definition 1.1.5 (Closed and open) A term (resp. a proposition) that contains no free variables is said to be closed, otherwise it is said to be open.

We now want to define the operation of substitution. For instance, substituting the term $y + 2$ for the variable $x$ in the proposition $x \times 2 = 4$ yields the proposition $(y + 2) \times 2 = 4$. The result of the substitution of the term $u$ for the variable $x$ in the term or proposition $t$ is written $(u/x)t$. A first, incorrect, attempt to define substitution is the following.

Definition 1.1.6 (Replacement) Let $t$ be a term (resp. a proposition), $x$ be a variable and $u$ be a term. The term (resp. the proposition) $(u/x)t$ is defined by induction over the height of $t$ as follows.

• $(u/x)x = u$,

• if $y$ is a variable different from $x$, then $(u/x)y = y$,

• $(u/x)f(t_1, \ldots, t_n) = f((u/x)t_1, \ldots, (u/x)t_n)$,

• $(u/x)P(t_1, \ldots, t_n) = P((u/x)t_1, \ldots, (u/x)t_n)$,

• $(u/x)\top = \top$,

• $(u/x)\bot = \bot$,

• $(u/x)(\neg A) = \neg (u/x)A$,

• $(u/x)(A \wedge B) = (u/x)A \wedge (u/x)B$,

• $(u/x)(A \vee B) = (u/x)A \vee (u/x)B$,

• $(u/x)(A \Rightarrow B) = (u/x)A \Rightarrow (u/x)B$,

• $(u/x)(\forall y\ A) = \forall y\ (u/x)A$,

• $(u/x)(\exists y\ A) = \exists y\ (u/x)A$.

There are two problems with this notion of replacement. First, when we replace $0$ for $x$ in $\forall x\ P(x)$ we obtain $\forall x\ P(0)$, while we would like to obtain $\forall x\ P(x)$, as the variable $x$ in the proposition $\forall x\ P(x)$ is not free and cannot be substituted. Then, when we replace $y + 0$ for $x$ in $\forall y\ P(x, y)$ we obtain $\forall y\ P(y + 0, y)$, where the variable $y$ of $y + 0$ is now quantified, while originally this variable $y$ had nothing to do with the variable $y$ quantified in $\forall y\ P(x, y)$. To perform a correct substitution, we must first rename the variable $y$ quantified in $\forall y\ P(x, y)$ to get, for instance, $\forall z\ P(x, z)$ and then substitute the variable $x$ by $y + 0$ to get $\forall z\ P(y + 0, z)$. The choice of the variable $z$ is arbitrary, and we could also have obtained $\forall w\ P(y + 0, w)$.

Thus, to define the substitution operation, we must first define the equivalence of two propositions modulo bound variable renaming, and define substitution on the quotient of the set of propositions modulo this relation.

Definition 1.1.7 (Alphabetic equivalence) The alphabetic equivalence between propositions is defined as follows

• if $A$ and $B$ are atomic propositions then $A \sim B$ if and only if $A = B$,

• $\top \sim \top$,

• $\bot \sim \bot$,

• $(\neg A) \sim (\neg A')$ if and only if $A \sim A'$,

• $(A \wedge B) \sim (A' \wedge B')$ if and only if $A \sim A'$ and $B \sim B'$,

• $(A \vee B) \sim (A' \vee B')$ if and only if $A \sim A'$ and $B \sim B'$,

• $(A \Rightarrow B) \sim (A' \Rightarrow B')$ if and only if $A \sim A'$ and $B \sim B'$,

• $(\forall x\ A) \sim (\forall y\ A')$ if and only if, for some variable $z$ not appearing in $\forall x\ A$ nor in $\forall y\ A'$, $(z/x)A \sim (z/y)A'$,

• $(\exists x\ A) \sim (\exists y\ A')$ if and only if, for some variable $z$ not appearing in $\exists x\ A$ nor in $\exists y\ A'$, $(z/x)A \sim (z/y)A'$.

From now on, propositions will be considered up to alphabetic equivalence, i.e. we consider only classes of propositions modulo alphabetic equivalence. So the propositions $\forall x\ (0 < x)$ and $\forall y\ (0 < y)$ are equal.

Definition 1.1.8 (Substitution) Let $t$ be a term (resp. a proposition), $x$ be a variable and $u$ be a term. The term (resp. the proposition) $(u/x)t$ is defined by induction over the height of $t$ as follows

• $(u/x)x = u$,

• if $y$ is a variable different from $x$, then $(u/x)y = y$,

• $(u/x)f(t_1, \ldots, t_n) = f((u/x)t_1, \ldots, (u/x)t_n)$,

• $(u/x)P(t_1, \ldots, t_n) = P((u/x)t_1, \ldots, (u/x)t_n)$,

• $(u/x)\top = \top$,

• $(u/x)\bot = \bot$,

• $(u/x)(\neg A) = \neg (u/x)A$,

• $(u/x)(A \wedge B) = (u/x)A \wedge (u/x)B$,

• $(u/x)(A \vee B) = (u/x)A \vee (u/x)B$,

• $(u/x)(A \Rightarrow B) = (u/x)A \Rightarrow (u/x)B$,

• $(u/x)(\forall y\ A) = \forall z\ (u/x)(z/y)A$ where $z$ is a variable not appearing in $\forall y\ A$, not appearing in $u$ and distinct from $x$,

• $(u/x)(\exists y\ A) = \exists z\ (u/x)(z/y)A$ where $z$ is a variable not appearing in $\exists y\ A$, not appearing in $u$ and distinct from $x$.

We can in the same way define simultaneous substitution. 

Definition 1.1.9 (Simultaneous substitution) Let $t$ be a term (resp. a proposition), $x_1, \ldots, x_n$ be variables and $u_1, \ldots, u_n$ be terms. Let $\sigma$ be the finite function mapping $x_i$ to $u_i$. The term (resp. the proposition) $\sigma t$ is defined by induction over the height of $t$ as follows

• $\sigma x_i = u_i$,

• if $y$ is a variable different from the $x_i$'s, then $\sigma y = y$,

• $\sigma f(t_1, \ldots, t_n) = f(\sigma t_1, \ldots, \sigma t_n)$,

• $\sigma P(t_1, \ldots, t_n) = P(\sigma t_1, \ldots, \sigma t_n)$,

• $\sigma \top = \top$,

• $\sigma \bot = \bot$,

• $\sigma(\neg A) = \neg \sigma A$,

• $\sigma(A \wedge B) = \sigma A \wedge \sigma B$,

• $\sigma(A \vee B) = \sigma A \vee \sigma B$,

• $\sigma(A \Rightarrow B) = \sigma A \Rightarrow \sigma B$,

• $\sigma(\forall y\ A) = \forall z\ \sigma (z/y)A$ where $z$ is a variable not appearing in $\forall y\ A$ and not appearing in $\sigma$,

• $\sigma(\exists y\ A) = \exists z\ \sigma (z/y)A$ where $z$ is a variable not appearing in $\exists y\ A$ and not appearing in $\sigma$.
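The following Python code, added here and not taken from the notes, implements the two notions side by side: the replacement of Definition 1.1.6, which exhibits the two problems discussed above, and the substitution of Definition 1.1.8 with its renaming of bound variables, together with $\mathit{Var}$, $FV$ (Definition 1.1.4) and the alphabetic equivalence of Definition 1.1.7. The tree encoding (variables as strings, applications as tuples) and the scheme z0, z1, ... for choosing a fresh variable are assumptions of the example; Definition 1.1.8 only asks that $z$ be a variable not already used.

```python
"""Variables, free variables, replacement, capture-avoiding substitution and
alphabetic equivalence (Definitions 1.1.4 to 1.1.8).  Added example.
Encoding (an assumption of this example): a variable is a string, an
application is a tuple (symbol, child_1, ..., child_n), and the quantifiers
are written ("forall", x, A) and ("exists", x, A)."""

QUANT = {"forall", "exists"}


def variables(e):
    """Var(e): every variable occurring in e, bound or free."""
    if isinstance(e, str):
        return {e}
    s, args = e[0], e[1:]
    if s in QUANT:
        return variables(args[1]) | {args[0]}
    return set().union(*(variables(a) for a in args))


def free_variables(e):
    """FV(e): a quantifier removes its variable from the set."""
    if isinstance(e, str):
        return {e}
    s, args = e[0], e[1:]
    if s in QUANT:
        return free_variables(args[1]) - {args[0]}
    return set().union(*(free_variables(a) for a in args))


def replace(u, x, e):
    """Definition 1.1.6: blind replacement of x by u, quantifiers ignored."""
    if isinstance(e, str):
        return u if e == x else e
    s, args = e[0], e[1:]
    if s in QUANT:
        return (s, args[0], replace(u, x, args[1]))
    return (s,) + tuple(replace(u, x, a) for a in args)


def fresh(avoid):
    """A variable name outside `avoid` (the z of Definition 1.1.8); the
    naming scheme z0, z1, ... is a choice made by this example."""
    i = 0
    while f"z{i}" in avoid:
        i += 1
    return f"z{i}"


def substitute(u, x, e):
    """Definition 1.1.8: (u/x)e.  Under a quantifier the bound variable is
    first renamed to a fresh z, so nothing in u is captured and a bound x is
    left untouched."""
    if isinstance(e, str):
        return u if e == x else e
    s, args = e[0], e[1:]
    if s in QUANT:
        y, body = args
        z = fresh(variables(e) | variables(u) | {x})
        return (s, z, substitute(u, x, substitute(z, y, body)))
    return (s,) + tuple(substitute(u, x, a) for a in args)


def alpha_equivalent(a, b):
    """Definition 1.1.7: equality up to renaming of bound variables."""
    if isinstance(a, str) or isinstance(b, str):
        return a == b
    if a[0] != b[0] or len(a) != len(b):
        return False
    if a[0] in QUANT:
        z = fresh(variables(a) | variables(b))
        return alpha_equivalent(substitute(z, a[1], a[2]),
                                substitute(z, b[1], b[2]))
    return all(alpha_equivalent(p, q) for p, q in zip(a[1:], b[1:]))


# Constructed inputs: the two problem cases discussed in the notes.
ZERO = ("0",)
ALL_X_P = ("forall", "x", ("P", "x"))            # forall x P(x)
ALL_Y_PXY = ("forall", "y", ("P", "x", "y"))     # forall y P(x, y)
Y_PLUS_0 = ("+", "y", ZERO)                      # y + 0

if __name__ == "__main__":
    print(replace(ZERO, "x", ALL_X_P), substitute(ZERO, "x", ALL_X_P))
    print(replace(Y_PLUS_0, "x", ALL_Y_PXY), substitute(Y_PLUS_0, "x", ALL_Y_PXY))
```

Running the two problem cases makes the difference visible: replacement turns $\forall x\ P(x)$ into $\forall x\ P(0)$ and captures the $y$ of $y + 0$ (the result has no free variable left), whereas substitution renames the bound variable first, so the result is alphabetically equivalent to $\forall x\ P(x)$ in the first case and keeps $y$ free in the second.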


1.2 Proofs 

We are now ready to define the tools that permit to prove propositions.

1.2.1 Proofs à la Hilbert

Definition 1.2.1 (Theory) A theory is a set of propositions, called axioms, 
such that the membership of some proposition to this set can be decided in an 
algorithmic way. 

Definition 1.2.2 (Deduction rule) A deduction rule is a set of $n + 1$-uples of propositions, such that the membership of some $n + 1$-uple of propositions to this set can be decided in an algorithmic way. The $n + 1$-uple $(A_1, \ldots, A_n, B)$ is written

$$\dfrac{A_1 \quad \ldots \quad A_n}{B}$$

The propositions $A_1, \ldots, A_n$ are called the premises and the proposition $B$ the conclusion of the $n + 1$-uple.

Definition 1.2.3 (Proof) Let $\mathcal{D}$ be a set of deduction rules. A proof of a proposition $B$ in $\mathcal{D}$ is a tree whose root is labeled by the proposition $B$, whose sub-trees are proofs of propositions $A_1, \ldots, A_n$ and such that the $n + 1$-uple

$$\dfrac{A_1 \quad \ldots \quad A_n}{B}$$

is an element of one of the deduction rules of $\mathcal{D}$.

Definition 1.2.4 (Logical axioms) A logical axiom is a proposition of the following form, where $A$, $B$, $C$ are arbitrary propositions, $t$ an arbitrary term and $x$ an arbitrary variable.

$$A \Rightarrow (B \Rightarrow A)$$
$$(A \Rightarrow (B \Rightarrow C)) \Rightarrow ((A \Rightarrow B) \Rightarrow (A \Rightarrow C))$$
$$(\forall x\ (A \Rightarrow B)) \Rightarrow (A \Rightarrow \forall x\ B) \quad \text{(if } x \notin FV(A))$$
$$\top$$
$$\bot \Rightarrow A$$
$$A \Rightarrow (\neg A \Rightarrow \bot)$$
$$(A \wedge B) \Rightarrow A$$
$$(A \wedge B) \Rightarrow B$$
$$A \Rightarrow (B \Rightarrow (A \wedge B))$$
$$A \Rightarrow (A \vee B)$$
$$B \Rightarrow (A \vee B)$$
$$(A \vee B) \Rightarrow ((A \Rightarrow C) \Rightarrow ((B \Rightarrow C) \Rightarrow C))$$
$$\forall x\ A \Rightarrow (t/x)A$$
$$(t/x)A \Rightarrow \exists x\ A$$
$$\exists x\ A \Rightarrow ((\forall x\ (A \Rightarrow B)) \Rightarrow B) \quad \text{(if } x \notin FV(B))$$
$$A \vee \neg A$$

Definition 1.2.5 (Deduction rules à la Hilbert) Given a theory $\Gamma$, the deduction rules à la Hilbert for $\Gamma$ are the following:

• the rule Axiom containing all the 1-uples

$$\dfrac{}{A}$$

where $A$ is an element of $\Gamma$ or a logical axiom,

• the rule Modus ponens containing all the 3-uples

$$\dfrac{A \Rightarrow B \quad A}{B}$$

• the rule Generalization containing all the 2-uples

$$\dfrac{A}{\forall x\ A}$$

where $x$ does not appear free in $\Gamma$.

These rules should be understood as follows: axioms have trivial proofs; if we have already proved $A \Rightarrow B$ and $A$ we can deduce $B$; if we have already proved $A$ with no assumption on $x$, we can deduce $\forall x\ A$.
Example 1.2.1 Consider the language formed with the four proposition symbols (i.e. predicate symbols of zero arguments) $P$, $Q$, $R$ and $S$. Consider the theory formed with the propositions

$$P \qquad Q \qquad Q \Rightarrow R \qquad P \Rightarrow (R \Rightarrow S)$$

We have the following proof of the proposition $S$

$$\dfrac{\dfrac{\dfrac{}{P \Rightarrow (R \Rightarrow S)}\ \text{Axiom} \quad \dfrac{}{P}\ \text{Axiom}}{R \Rightarrow S}\ \text{Modus ponens} \qquad \dfrac{\dfrac{}{Q \Rightarrow R}\ \text{Axiom} \quad \dfrac{}{Q}\ \text{Axiom}}{R}\ \text{Modus ponens}}{S}\ \text{Modus ponens}$$

Remark. Some authors prefer to define proofs as sequences of propositions rather than as trees. Again, this is just a matter of taste.



1.2.2 The deduction lemma 

We now want to prove that a proposition $A \Rightarrow B$ has a proof in the theory $\Gamma$ if and only if the proposition $B$ has a proof in the theory $\Gamma, A$.

Proposition 1.2.1 Let $A$ be a proposition; the proposition $A \Rightarrow A$ has a proof in the empty theory.

Proof. The propositions

$$(A \Rightarrow ((A \Rightarrow A) \Rightarrow A)) \Rightarrow ((A \Rightarrow (A \Rightarrow A)) \Rightarrow (A \Rightarrow A))$$
$$A \Rightarrow ((A \Rightarrow A) \Rightarrow A)$$
$$A \Rightarrow (A \Rightarrow A)$$

are logical axioms. Hence, the proposition $A \Rightarrow A$ has the proof

$$\dfrac{\dfrac{\dfrac{}{B}\ \text{Axiom} \qquad \dfrac{}{A \Rightarrow ((A \Rightarrow A) \Rightarrow A)}\ \text{Axiom}}{(A \Rightarrow (A \Rightarrow A)) \Rightarrow (A \Rightarrow A)}\ \text{Modus ponens} \qquad \dfrac{}{A \Rightarrow (A \Rightarrow A)}\ \text{Axiom}}{A \Rightarrow A}\ \text{Modus ponens}$$

where $B$ is $(A \Rightarrow ((A \Rightarrow A) \Rightarrow A)) \Rightarrow ((A \Rightarrow (A \Rightarrow A)) \Rightarrow (A \Rightarrow A))$.



Proposition 1.2.2 (Deduction lemma) The proposition $A \Rightarrow B$ has a proof in the theory $\Gamma$ if and only if the proposition $B$ has a proof in the theory $\Gamma, A$.
Proof. If the proposition $A \Rightarrow B$ has a proof in the theory $\Gamma$, then it has a proof in the theory $\Gamma, A$. So does the proposition $A$. Thus, the proposition $B$ has a proof built with the Modus ponens rule.

Conversely, we prove by induction over the height of the proof of $B$ in $\Gamma, A$ that there is a proof of $A \Rightarrow B$ in $\Gamma$.

• If the root of the proof is an Axiom, then either $B = A$ and we have a proof of $A \Rightarrow B$ by the proposition 1.2.1, or $B$ is an element of $\Gamma$ (or a logical axiom) and we have the proof

$$\dfrac{\dfrac{}{B \Rightarrow (A \Rightarrow B)}\ \text{Axiom} \qquad \dfrac{}{B}\ \text{Axiom}}{A \Rightarrow B}\ \text{Modus ponens}$$

• If the root of the proof is a Modus ponens then $B$ is deduced from $C \Rightarrow B$ and $C$, that have smaller proofs. By induction hypothesis, there are proofs $\pi_1$ and $\pi_2$ of $A \Rightarrow (C \Rightarrow B)$ and $A \Rightarrow C$ in $\Gamma$ and we take the proof

$$\dfrac{\dfrac{\dfrac{}{(A \Rightarrow (C \Rightarrow B)) \Rightarrow ((A \Rightarrow C) \Rightarrow (A \Rightarrow B))}\ \text{Axiom} \qquad \dfrac{\pi_1}{A \Rightarrow (C \Rightarrow B)}}{(A \Rightarrow C) \Rightarrow (A \Rightarrow B)}\ \text{Modus ponens} \qquad \dfrac{\pi_2}{A \Rightarrow C}}{A \Rightarrow B}\ \text{Modus ponens}$$

• If the root of the proof is a Generalization then we have $B = \forall x\ C$, $x$ does not appear free in $\Gamma$ nor in $A$, and $C$ has a smaller proof. By induction hypothesis, there is a proof $\pi$ of $A \Rightarrow C$ in $\Gamma$ and we take the proof

$$\dfrac{\dfrac{}{(\forall x\ (A \Rightarrow C)) \Rightarrow (A \Rightarrow \forall x\ C)}\ \text{Axiom} \qquad \dfrac{\dfrac{\pi}{A \Rightarrow C}}{\forall x\ (A \Rightarrow C)}\ \text{Generalization}}{A \Rightarrow \forall x\ C}\ \text{Modus ponens}$$
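As an added example (not from the notes), the following Python program represents proofs à la Hilbert as trees (Definition 1.2.3), checks them against the Axiom and Modus ponens rules of Definition 1.2.5 using the first two logical axiom schemes, and implements the construction of the deduction lemma's proof as a transformation of proof trees. It verifies the proof of $S$ of Example 1.2.1, the proof of $A \Rightarrow A$ of Proposition 1.2.1, and the proof of $P \Rightarrow S$ that the deduction lemma builds from the proof of $S$ once $P$ is removed from the theory. The encoding and the restriction to the propositional fragment (no Generalization rule, and only the two schemes these proofs need) are assumptions of the example.

```python
"""Proofs à la Hilbert as trees, a checker for them, and the deduction lemma
as a proof transformation (Definitions 1.2.3 to 1.2.5, Propositions 1.2.1
and 1.2.2).  Added example.  Encoding (an assumption): a proposition symbol
is a string, A => B is ("imp", A, B); a proof is ("axiom", A) or
("mp", proof_of_A_imp_B, proof_of_A).  Only the propositional fragment is
handled: no Generalization, and only the first two axiom schemes."""


def imp(a, b):
    return ("imp", a, b)


# Axiom schemes; metavariables "?A", "?B", "?C" stand for any proposition.
K_SCHEME = imp("?A", imp("?B", "?A"))
S_SCHEME = imp(imp("?A", imp("?B", "?C")), imp(imp("?A", "?B"), imp("?A", "?C")))
SCHEMES = [K_SCHEME, S_SCHEME]


def match(scheme, prop, env):
    """Extend env so that scheme instantiated by env equals prop, or fail."""
    if isinstance(scheme, str) and scheme.startswith("?"):
        if scheme in env:
            return env[scheme] == prop
        env[scheme] = prop
        return True
    if isinstance(scheme, str) or isinstance(prop, str):
        return scheme == prop
    return (len(scheme) == len(prop) and scheme[0] == prop[0]
            and all(match(s, p, env) for s, p in zip(scheme[1:], prop[1:])))


def is_logical_axiom(prop):
    return any(match(s, prop, {}) for s in SCHEMES)


def conclusion(proof):
    """The proposition labelling the root of the proof (None if ill-formed)."""
    if proof[0] == "axiom":
        return proof[1]
    c = conclusion(proof[1])
    return c[2] if isinstance(c, tuple) and c[0] == "imp" else None


def check(proof, theory):
    """True iff proof is a correct proof in theory (Definition 1.2.3)."""
    if proof[0] == "axiom":
        return proof[1] in theory or is_logical_axiom(proof[1])
    if proof[0] != "mp" or len(proof) != 3:
        return False
    left, right = proof[1], proof[2]
    c_left = conclusion(left)               # must be C => B with C the other premise
    return (isinstance(c_left, tuple) and c_left[0] == "imp"
            and c_left[1] == conclusion(right)
            and check(left, theory) and check(right, theory))


def identity_proof(a):
    """Proposition 1.2.1: A => A from one S instance and two K instances."""
    a_a = imp(a, a)
    s = imp(imp(a, imp(a_a, a)), imp(imp(a, a_a), a_a))
    step = ("mp", ("axiom", s), ("axiom", imp(a, imp(a_a, a))))
    return ("mp", step, ("axiom", imp(a, a_a)))


def deduce(proof, a):
    """Proposition 1.2.2: from a proof of B in (theory, A) build a proof of
    A => B in theory, by induction on the proof."""
    b = conclusion(proof)
    if proof[0] == "axiom":
        if b == a:
            return identity_proof(a)
        return ("mp", ("axiom", imp(b, imp(a, b))), ("axiom", b))   # K instance
    left, right = proof[1], proof[2]
    c = conclusion(right)                    # left proves C => B
    p1 = deduce(left, a)                     # A => (C => B)
    p2 = deduce(right, a)                    # A => C
    s = imp(imp(a, imp(c, b)), imp(imp(a, c), imp(a, b)))
    return ("mp", ("mp", ("axiom", s), p1), p2)


# Example 1.2.1 (constructed from the notes): theory and proof of S.
THEORY = {"P", "Q", imp("Q", "R"), imp("P", imp("R", "S"))}
PROOF_OF_S = ("mp",
              ("mp", ("axiom", imp("P", imp("R", "S"))), ("axiom", "P")),   # R => S
              ("mp", ("axiom", imp("Q", "R")), ("axiom", "Q")))             # R
SMALLER = THEORY - {"P"}

if __name__ == "__main__":
    print(check(PROOF_OF_S, THEORY), check(PROOF_OF_S, SMALLER))
    print(conclusion(deduce(PROOF_OF_S, "P")), check(deduce(PROOF_OF_S, "P"), SMALLER))
```

The proof of $S$ is no longer a proof once $P$ is removed from the theory, because its Axiom leaf $P$ is justified by nothing; `deduce` replaces every such leaf by the proof of $P \Rightarrow P$ of Proposition 1.2.1, every other Axiom leaf by a Modus ponens on a $K$ instance, and every Modus ponens node by the two Modus ponens on an $S$ instance, exactly as in the three cases of the proof above. The result is a correct proof of $P \Rightarrow S$ in the smaller theory, and noticeably larger than the proof it came from, which is the point made at the start of the next section.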



1.2.3 Natural deduction 

Introducing a hypothesis seems to be a natural step in a proof. To prove, for instance, the proposition $(n = 0) \Rightarrow (n + 1 = 1)$ we want to assume that $n = 0$ and then to prove that $n + 1 = 1$.

Proofs à la Hilbert do not permit to do that directly: if we have a proof of the proposition $n + 1 = 1$ using the hypothesis $n = 0$, the deduction lemma permits to transform this proof into one of the proposition $(n = 0) \Rightarrow (n + 1 = 1)$, but this proof is much longer than the proof we started with and it is not very natural.

Natural deduction is an alternative definition of the notion of proof where the introduction of a hypothesis is a deduction rule. In natural deduction, a deduction step can modify not only the proved proposition but also the theory $\Gamma$, hence a proof is not a tree of propositions, but a tree of ordered pairs $(\Gamma, A)$ where $\Gamma$ is a theory and $A$ a proposition. Such an ordered pair is called a sequent and is written $\Gamma \vdash A$ (read "$\Gamma$ entails $A$"). The Introduction rule that permits to introduce a hypothesis transforms the sequent $\Gamma, A \vdash B$ into the sequent $\Gamma \vdash A \Rightarrow B$.

The notions of deduction rule and proof adapt straightforwardly to sequents. 

Definition 1.2.6 (Deduction rule on sequents) A deduction rule is a set of $n + 1$-uples of sequents, such that the membership of some $n + 1$-uple of sequents to this set can be decided in an algorithmic way. The $n + 1$-uple $(\Gamma_1 \vdash A_1, \ldots, \Gamma_n \vdash A_n, \Delta \vdash B)$ is written

$$\dfrac{\Gamma_1 \vdash A_1 \quad \ldots \quad \Gamma_n \vdash A_n}{\Delta \vdash B}$$

The sequents $\Gamma_1 \vdash A_1, \ldots, \Gamma_n \vdash A_n$ are called the premises and the sequent $\Delta \vdash B$ the conclusion of the $n + 1$-uple.

Definition 1.2.7 (Proof on sequents) Let $\mathcal{D}$ be a set of deduction rules. A proof of a sequent $\Delta \vdash B$ in $\mathcal{D}$ is a tree whose root is labeled by the sequent $\Delta \vdash B$, whose sub-trees are proofs of sequents $\Gamma_1 \vdash A_1, \ldots, \Gamma_n \vdash A_n$ and such that the $n + 1$-uple

$$\dfrac{\Gamma_1 \vdash A_1 \quad \ldots \quad \Gamma_n \vdash A_n}{\Delta \vdash B}$$

is an element of one of the deduction rules of $\mathcal{D}$.

With the introduction rule, the first three logical axioms are now redundant. Indeed, the sequent $\Gamma \vdash A \Rightarrow (B \Rightarrow A)$ can be proved as follows

$$\dfrac{\dfrac{\dfrac{}{\Gamma, A, B \vdash A}\ \text{Axiom}}{\Gamma, A \vdash B \Rightarrow A}\ \text{Intro}}{\Gamma \vdash A \Rightarrow (B \Rightarrow A)}\ \text{Intro}$$

The sequent $\Gamma \vdash (A \Rightarrow (B \Rightarrow C)) \Rightarrow ((A \Rightarrow B) \Rightarrow (A \Rightarrow C))$ can be proved as follows, where $\Delta = \Gamma, A \Rightarrow (B \Rightarrow C), A \Rightarrow B, A$

$$\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{}{\Delta \vdash A \Rightarrow (B \Rightarrow C)}\ \text{Axiom} \quad \dfrac{}{\Delta \vdash A}\ \text{Axiom}}{\Delta \vdash B \Rightarrow C}\ \text{Modus p.} \qquad \dfrac{\dfrac{}{\Delta \vdash A \Rightarrow B}\ \text{Axiom} \quad \dfrac{}{\Delta \vdash A}\ \text{Axiom}}{\Delta \vdash B}\ \text{Modus p.}}{\Gamma, A \Rightarrow (B \Rightarrow C), A \Rightarrow B, A \vdash C}\ \text{Modus p.}}{\Gamma, A \Rightarrow (B \Rightarrow C), A \Rightarrow B \vdash A \Rightarrow C}\ \text{Intro}}{\Gamma, A \Rightarrow (B \Rightarrow C) \vdash (A \Rightarrow B) \Rightarrow (A \Rightarrow C)}\ \text{Intro}}{\Gamma \vdash (A \Rightarrow (B \Rightarrow C)) \Rightarrow ((A \Rightarrow B) \Rightarrow (A \Rightarrow C))}\ \text{Intro}$$

And, if the variable $x$ appears free neither in $\Gamma$ nor in $A$, the sequent $\Gamma \vdash (\forall x\ (A \Rightarrow B)) \Rightarrow (A \Rightarrow \forall x\ B)$ can be proved as follows, where $\Delta = \Gamma, \forall x\ (A \Rightarrow B), A$

$$\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{}{\Delta \vdash (\forall x\ (A \Rightarrow B)) \Rightarrow (A \Rightarrow B)}\ \text{Axiom} \quad \dfrac{}{\Delta \vdash \forall x\ (A \Rightarrow B)}\ \text{Axiom}}{\Delta \vdash A \Rightarrow B}\ \text{Modus p.} \qquad \dfrac{}{\Delta \vdash A}\ \text{Axiom}}{\Delta \vdash B}\ \text{Modus p.}}{\Gamma, \forall x\ (A \Rightarrow B), A \vdash \forall x\ B}\ \text{Generalization}}{\Gamma, \forall x\ (A \Rightarrow B) \vdash A \Rightarrow \forall x\ B}\ \text{Intro}}{\Gamma \vdash (\forall x\ (A \Rightarrow B)) \Rightarrow (A \Rightarrow \forall x\ B)}\ \text{Intro}$$
Using proofs à la Hilbert, when we have proved the propositions $A$ and $B$ and we want to deduce the proposition $A \wedge B$, we must use the logical axiom $A \Rightarrow (B \Rightarrow (A \wedge B))$ and deduce $B \Rightarrow (A \wedge B)$ and then $A \wedge B$ with the Modus ponens rule. It is more natural to take a rule allowing to deduce directly $\Gamma \vdash A \wedge B$ from $\Gamma \vdash A$ and $\Gamma \vdash B$. As we have the rule Introduction, this logical axiom and this rule are equivalent. As we have just seen, in a system where we have the logical axiom we can simulate any instance of the rule, and conversely, in a system where we have the rule, the axiom can be proved as follows

$$\dfrac{\dfrac{\dfrac{\dfrac{}{\Gamma, A, B \vdash A}\ \text{Axiom} \qquad \dfrac{}{\Gamma, A, B \vdash B}\ \text{Axiom}}{\Gamma, A, B \vdash A \wedge B}\ \text{New rule}}{\Gamma, A \vdash B \Rightarrow (A \wedge B)}\ \text{Intro}}{\Gamma \vdash A \Rightarrow (B \Rightarrow (A \wedge B))}\ \text{Intro}$$



Exercise 1.2.1 With proofs à la Hilbert, are the logical axiom and the rule equivalent? Hint: try to prove the Deduction lemma.

We can suppress in a similar way all the logical axioms and replace them by deduction rules. Let us take another example. The logical axiom

$$(A \vee B) \Rightarrow ((A \Rightarrow C) \Rightarrow ((B \Rightarrow C) \Rightarrow C))$$

can be replaced by the rule

$$\dfrac{\Gamma \vdash A \vee B \qquad \Gamma \vdash A \Rightarrow C \qquad \Gamma \vdash B \Rightarrow C}{\Gamma \vdash C}$$

But, as it is equivalent to prove the sequent $\Gamma \vdash A \Rightarrow C$ or the sequent $\Gamma, A \vdash C$, we can transform this rule further into

$$\dfrac{\Gamma \vdash A \vee B \qquad \Gamma, A \vdash C \qquad \Gamma, B \vdash C}{\Gamma \vdash C}$$

In this rule, $\vee$ is the only connector or quantifier that appears explicitly. In most rules, only one connector or quantifier occurs. This permits to classify the rules according to the connector or quantifier that appears in the rule. The rules of a connector or quantifier can further be classified according to the position of this connector or quantifier. If it appears in the conclusion of the rule, then the rule is called an introduction rule; if it appears in a premise, then the rule is an elimination rule. For instance, the connector $\vee$ has two introduction rules

$$\dfrac{\Gamma \vdash A}{\Gamma \vdash A \vee B}\ \vee\text{-intro} \qquad \dfrac{\Gamma \vdash B}{\Gamma \vdash A \vee B}\ \vee\text{-intro}$$

and one elimination rule

$$\dfrac{\Gamma \vdash A \vee B \qquad \Gamma, A \vdash C \qquad \Gamma, B \vdash C}{\Gamma \vdash C}\ \vee\text{-elim}$$
The Modus ponens

$$\dfrac{\Gamma \vdash A \Rightarrow B \qquad \Gamma \vdash A}{\Gamma \vdash B}$$

is the elimination rule of implication. The Generalization

$$\dfrac{\Gamma \vdash A}{\Gamma \vdash \forall x\ A}$$

is the introduction rule of the universal quantifier $\forall$. And the rule Introduction

$$\dfrac{\Gamma, A \vdash B}{\Gamma \vdash A \Rightarrow B}$$

is the introduction rule of the implication.

The system obtained this way is called Natural Deduction.

Definition 1.2.8 (Natural deduction)

$$\dfrac{}{\Gamma \vdash A}\ \text{Axiom if } A \in \Gamma$$

$$\dfrac{}{\Gamma \vdash \top}\ \top\text{-intro}$$

$$\dfrac{\Gamma \vdash \bot}{\Gamma \vdash A}\ \bot\text{-elim}$$

$$\dfrac{\Gamma, A \vdash \bot}{\Gamma \vdash \neg A}\ \neg\text{-intro}$$

$$\dfrac{\Gamma \vdash A \qquad \Gamma \vdash \neg A}{\Gamma \vdash \bot}\ \neg\text{-elim}$$

$$\dfrac{\Gamma \vdash A \qquad \Gamma \vdash B}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}$$

$$\dfrac{\Gamma \vdash A \wedge B}{\Gamma \vdash A}\ \wedge\text{-elim} \qquad \dfrac{\Gamma \vdash A \wedge B}{\Gamma \vdash B}\ \wedge\text{-elim}$$

$$\dfrac{\Gamma \vdash A}{\Gamma \vdash A \vee B}\ \vee\text{-intro} \qquad \dfrac{\Gamma \vdash B}{\Gamma \vdash A \vee B}\ \vee\text{-intro}$$

$$\dfrac{\Gamma \vdash A \vee B \qquad \Gamma, A \vdash C \qquad \Gamma, B \vdash C}{\Gamma \vdash C}\ \vee\text{-elim}$$

$$\dfrac{\Gamma, A \vdash B}{\Gamma \vdash A \Rightarrow B}\ \Rightarrow\text{-intro}$$

$$\dfrac{\Gamma \vdash A \Rightarrow B \qquad \Gamma \vdash A}{\Gamma \vdash B}\ \Rightarrow\text{-elim}$$

$$\dfrac{\Gamma \vdash A}{\Gamma \vdash \forall x\ A}\ \forall\text{-intro if } x \notin FV(\Gamma)$$

$$\dfrac{\Gamma \vdash \forall x\ A}{\Gamma \vdash (t/x)A}\ \forall\text{-elim}$$

$$\dfrac{\Gamma \vdash (t/x)A}{\Gamma \vdash \exists x\ A}\ \exists\text{-intro}$$

$$\dfrac{\Gamma \vdash \exists x\ A \qquad \Gamma, A \vdash B}{\Gamma \vdash B}\ \exists\text{-elim if } x \notin FV(\Gamma, B)$$

$$\dfrac{}{\Gamma \vdash A \vee \neg A}\ \text{Excluded middle}$$
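To make the rules of Definition 1.2.8 concrete, here is an added Python checker (not part of the notes) for proofs on sequents in the propositional fragment of natural deduction. Each node of a proof tree names the rule applied, and the checker verifies that the premises and the conclusion form an instance of that rule, in particular that $\Rightarrow$-intro and $\neg$-intro discharge exactly the hypothesis that was added. It checks the two derivations given above, of $\Gamma \vdash A \Rightarrow (B \Rightarrow A)$ and of $\Gamma \vdash A \Rightarrow (B \Rightarrow (A \wedge B))$, and rejects a derivation that discharges a hypothesis that was never assumed. The encoding of sequents and the rule names are assumptions of the example; the quantifier rules are left out.

```python
"""A checker for natural deduction proofs on sequents (Definitions 1.2.6 to
1.2.8), propositional rules only.  Added example.  Encoding (an assumption):
a sequent is (hyps, A) with hyps a frozenset of propositions; a proof node is
(rule, sequent, premises) with premises a list of proof nodes; propositions
are strings or tuples ("imp", A, B), ("and", A, B), ("or", A, B),
("not", A), ("top",), ("bot",)."""

BOT, TOP = ("bot",), ("top",)


def imp(a, b):
    return ("imp", a, b)


def neg(a):
    return ("not", a)


def seq(hyps, a):
    return (frozenset(hyps), a)


def head(a):
    return a[0] if isinstance(a, tuple) else None


def rule_ok(rule, concl, prems):
    """Is (premises, conclusion) an n+1-uple of the named rule?"""
    g, a = concl
    p = [q[1] for q in prems]            # premise propositions
    h = [q[0] for q in prems]            # premise hypothesis sets
    same = all(hh == g for hh in h)      # premises keep the same hypotheses
    if rule == "axiom":
        return not prems and a in g
    if rule == "top-intro":
        return not prems and a == TOP
    if rule == "bot-elim":
        return same and p == [BOT]
    if rule == "not-intro":
        return (len(prems) == 1 and head(a) == "not" and p[0] == BOT
                and h[0] == g | {a[1]})
    if rule == "not-elim":
        return same and a == BOT and len(p) == 2 and p[1] == neg(p[0])
    if rule == "and-intro":
        return same and a == ("and",) + tuple(p)
    if rule == "and-elim":
        return same and len(p) == 1 and head(p[0]) == "and" and a in p[0][1:]
    if rule == "or-intro":
        return same and len(p) == 1 and head(a) == "or" and p[0] in a[1:]
    if rule == "or-elim":
        return (len(prems) == 3 and h[0] == g and head(p[0]) == "or"
                and p[1] == a and p[2] == a
                and h[1] == g | {p[0][1]} and h[2] == g | {p[0][2]})
    if rule == "imp-intro":
        return (len(prems) == 1 and head(a) == "imp" and p[0] == a[2]
                and h[0] == g | {a[1]})
    if rule == "imp-elim":
        return same and len(p) == 2 and p[0] == imp(p[1], a)
    if rule == "excluded-middle":
        return not prems and head(a) == "or" and a[2] == neg(a[1])
    return False


def check(proof):
    """Definition 1.2.7: every node is an instance of its rule."""
    rule, concl, prems = proof
    return rule_ok(rule, concl, [q[1] for q in prems]) and all(check(q) for q in prems)


def proof_of_k(g, a, b):
    """Gamma |- A => (B => A), the derivation given in the notes."""
    top = ("axiom", seq(g | {a, b}, a), [])
    mid = ("imp-intro", seq(g | {a}, imp(b, a)), [top])
    return ("imp-intro", seq(g, imp(a, imp(b, a))), [mid])


def proof_of_and_axiom(g, a, b):
    """Gamma |- A => (B => (A and B)) using the and-intro rule."""
    hyps = g | {a, b}
    both = ("and-intro", seq(hyps, ("and", a, b)),
            [("axiom", seq(hyps, a), []), ("axiom", seq(hyps, b), [])])
    mid = ("imp-intro", seq(g | {a}, imp(b, ("and", a, b))), [both])
    return ("imp-intro", seq(g, imp(a, imp(b, ("and", a, b)))), [mid])


# A wrong derivation (constructed): Intro discharges B, which was never
# added as a hypothesis, to conclude A => B from nothing.
BAD = ("imp-intro", seq(set(), imp("A", "B")), [("axiom", seq({"B"}, "B"), [])])

if __name__ == "__main__":
    print(check(proof_of_k(frozenset(), "A", "B")),
          check(proof_of_and_axiom(frozenset({"C"}), "A", "B")), check(BAD))
```

The checker is the literal content of Definition 1.2.7: a tree is a proof when each node, together with its sub-trees' roots, is an $n+1$-uple of the rule it names. Representing $\Gamma$ as a set makes "$\Gamma, A$" a set union, so the hypothesis bookkeeping of Intro becomes an equality test on sets, which is what catches the bad derivation.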

Proposition 1.2.3 A proposition $A$ has a proof à la Hilbert in the theory $\Gamma$ if and only if the sequent $\Gamma \vdash A$ has a proof in natural deduction.

Proof. By induction on the height of proofs. 



Definition 1.2.9 (Contradictory, consistent) A theory $\Gamma$ is contradictory if all propositions have a proof in $\Gamma$. It is consistent otherwise.

Exercise 1.2.2 Prove that a theory $\Gamma$ is contradictory if and only if the proposition $\bot$ has a proof. Prove that a theory $\Gamma$ is contradictory if and only if there is a proposition $A$ such that $A$ and $\neg A$ have a proof.

Exercise 1.2.3 Let $A$ be a proposition; prove that a theory that proves the proposition $A \Leftrightarrow \neg A$ is contradictory.

Example 1.2.2 (Equality) Given a language $\mathcal{L}$ containing a predicate symbol $=$ of two arguments, the theory of equality in this language is formed with the following axioms.

Identity axiom:

$$\forall x\ (x = x)$$

Leibniz' axiom scheme: for each proposition $A$, the axiom

$$\forall x\ \forall y\ ((x = y) \Rightarrow ((x/z)A \Rightarrow (y/z)A))$$

Exercise 1.2.4 In the theory of equality, give a proof of the proposition

$$\forall x\ (x = y \Rightarrow y = x)$$

Example 1.2.3 (Arithmetic) The language of arithmetic is formed with

• an individual symbol $0$, a function symbol $Su$ of one argument and two function symbols $+$ and $\times$ of two arguments,

• a predicate symbol $=$ of two arguments.

The axioms of arithmetic are the axioms of equality and the axioms

$$\forall x\ \forall y\ (Su(x) = Su(y) \Rightarrow x = y)$$
$$\forall x\ \neg(0 = Su(x))$$

the induction scheme: for each proposition $A$ the axiom

$$((0/z)A \wedge (\forall x\ ((x/z)A \Rightarrow (Su(x)/z)A))) \Rightarrow \forall y\ (y/z)A$$

and the axioms

$$\forall y\ (0 + y = y)$$
$$\forall x\ \forall y\ (Su(x) + y = Su(x + y))$$
$$\forall y\ (0 \times y = 0)$$
$$\forall x\ \forall y\ (Su(x) \times y = (x \times y) + y)$$

Exercise 1.2.5 Write a proof in arithmetic of the propositions

$$Su(0) + Su(0) = Su(Su(0))$$
$$\forall x\ (x + 0 = x)$$

1.2.4 Constructive proofs 

Definition 1.2.10 (Constructive proof) A proof is constructive if it does 
not use the excluded middle rule. 

We want to prove that constructive provability and general provability are 
equivalent. This does not mean, of course, that all propositions that have a proof 
have a constructive proof, but that for each proposition A we can compute 
a proposition A' such that the proposition A has a proof if and only if the 
proposition A' has a constructive proof. 

Definition 1.2.11 (Negative translation) Let $A$ be a proposition; the proposition $A'$ is defined by induction over the height of $A$ as follows.

• $A' = \neg\neg A$ if $A$ is atomic,

• $\top' = \neg\neg\top$,

• $\bot' = \neg\neg\bot$,

• $(\neg A)' = \neg\neg\neg A'$,

• $(A \wedge B)' = \neg\neg(A' \wedge B')$,

• $(A \vee B)' = \neg\neg(A' \vee B')$,

• $(A \Rightarrow B)' = \neg\neg(A' \Rightarrow B')$,

• $(\forall x\ A)' = \neg\neg(\forall x\ A')$,

• $(\exists x\ A)' = \neg\neg(\exists x\ A')$.
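Definition 1.2.11 is a plain recursion on the height of a proposition. As an added example (not from the notes), here it is in Python together with a printer, applied to the excluded middle $A \vee \neg A$ and to a quantified atomic proposition; the translation of $A \vee \neg A$ comes out as $\neg\neg(\neg\neg A \vee \neg\neg\neg\neg\neg A)$, a double negation placed above every node of the tree. The tree encoding is an assumption of the example.

```python
"""The negative translation A' of Definition 1.2.11.  Added example.
Encoding (an assumption): a proposition symbol is a string, an atomic
proposition P(t1, ..., tn) is a tuple (P, t1, ..., tn), the connectors are
("not", A), ("and", A, B), ("or", A, B), ("imp", A, B), ("top",), ("bot",),
and the quantifiers ("forall", x, A), ("exists", x, A)."""

BINARY = {"and", "or", "imp"}
QUANTIFIERS = {"forall", "exists"}


def nn(a):
    """Double negation."""
    return ("not", ("not", a))


def negative_translation(a):
    """A': every node of A gets a double negation above it, recursively."""
    if isinstance(a, str):                          # proposition symbol
        return nn(a)
    head = a[0]
    if head == "not":                               # (not A)' = not not not A'
        return ("not", nn(negative_translation(a[1])))
    if head in BINARY:
        return nn((head, negative_translation(a[1]), negative_translation(a[2])))
    if head in QUANTIFIERS:
        return nn((head, a[1], negative_translation(a[2])))
    return nn(a)                                    # top, bot, atomic P(t1..tn)


SYMBOL = {"and": "∧", "or": "∨", "imp": "⇒"}


def to_string(a):
    """Readable rendering of a proposition or term."""
    if isinstance(a, str):
        return a
    head = a[0]
    if head == "not":
        return "¬" + to_string(a[1])
    if head == "top":
        return "⊤"
    if head == "bot":
        return "⊥"
    if head in QUANTIFIERS:
        return ("∀" if head == "forall" else "∃") + a[1] + " " + to_string(a[2])
    if head in BINARY:
        return f"({to_string(a[1])} {SYMBOL[head]} {to_string(a[2])})"
    if len(a) == 1:                                 # individual symbol
        return head
    return head + "(" + ", ".join(to_string(t) for t in a[1:]) + ")"


# Constructed inputs.
EXCLUDED_MIDDLE = ("or", "A", ("not", "A"))
ALL_X_PRIME = ("forall", "x", ("prime", "x"))

if __name__ == "__main__":
    for a in (EXCLUDED_MIDDLE, ALL_X_PRIME):
        print(to_string(a), "  ->  ", to_string(negative_translation(a)))
```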

Proposition 1.2.4 The proposition $A$ has a proof if and only if $A'$ has a constructive proof.

Proof. (1) If a sequent $\Gamma \vdash A$ has a constructive proof $\pi$, then the sequent $\Gamma \vdash \neg\neg A$ has a constructive proof. First, we can add the hypothesis $\neg A$ to all sequents of the proof $\pi$; we obtain a proof $\pi'$ of the sequent $\Gamma, \neg A \vdash A$. Then we have the following proof.

$$\dfrac{\dfrac{\dfrac{\pi'}{\Gamma, \neg A \vdash A} \qquad \dfrac{}{\Gamma, \neg A \vdash \neg A}\ \text{Axiom}}{\Gamma, \neg A \vdash \bot}\ \neg\text{-elim}}{\Gamma \vdash \neg\neg A}\ \neg\text{-intro}$$

Thus, we can build a constructive proof of $\neg\neg\top$. From a constructive proof of $\Gamma, A \vdash \bot$ we can build a constructive proof of $\Gamma \vdash \neg\neg\neg A$. From constructive proofs of $\Gamma \vdash A$ and $\Gamma \vdash B$, we can build a constructive proof of $\Gamma \vdash \neg\neg(A \wedge B)$. From a constructive proof of $\Gamma \vdash A$, we can build a constructive proof of $\Gamma \vdash \neg\neg(A \vee B)$. From a constructive proof of $\Gamma \vdash B$, we can build a constructive proof of $\Gamma \vdash \neg\neg(A \vee B)$. From a constructive proof of $\Gamma, A \vdash B$, we can build a constructive proof of $\Gamma \vdash \neg\neg(A \Rightarrow B)$. From a constructive proof of $\Gamma \vdash A$, we can build a constructive proof of $\Gamma \vdash \neg\neg\forall x\ A$ provided $x$ does not appear free in $\Gamma$. From a constructive proof of $\Gamma \vdash (t/x)A$, we can build a constructive proof of $\Gamma \vdash \neg\neg\exists x\ A$.

(2) Then, we check that from a constructive proof of $\Gamma \vdash \neg\neg\bot$, we can build a constructive proof of $\Gamma \vdash \neg\neg A$. From constructive proofs of $\Gamma \vdash \neg\neg\neg A$ and $\Gamma \vdash \neg\neg A$, we can build a constructive proof of $\Gamma \vdash \neg\neg\bot$. From a constructive proof of $\Gamma \vdash \neg\neg(\neg\neg A \wedge \neg\neg B)$, we can build a constructive proof of $\Gamma \vdash \neg\neg A$ and a constructive proof of $\Gamma \vdash \neg\neg B$. From constructive proofs of $\Gamma \vdash \neg\neg(\neg\neg A \vee \neg\neg B)$, $\Gamma, \neg\neg A \vdash \neg\neg C$ and $\Gamma, \neg\neg B \vdash \neg\neg C$ we can build a constructive proof of $\Gamma \vdash \neg\neg C$. From constructive proofs of $\Gamma \vdash \neg\neg(\neg\neg A \Rightarrow \neg\neg B)$ and $\Gamma \vdash \neg\neg A$, we can build a constructive proof of $\Gamma \vdash \neg\neg B$. From a constructive proof of $\Gamma \vdash \neg\neg(\forall x\ \neg\neg A)$, we can build a constructive proof of $\Gamma \vdash \neg\neg(t/x)A$. From constructive proofs of $\Gamma \vdash \neg\neg\exists x\ A$ and $\Gamma, \neg\neg A \vdash \neg\neg B$ we can build a constructive proof of $\Gamma \vdash \neg\neg B$, provided that $x$ does not appear free in $\Gamma$ nor in $B$.

As an example we show that from constructive proofs of $\Gamma \vdash \neg\neg(\neg\neg A \Rightarrow \neg\neg B)$ and $\Gamma \vdash \neg\neg A$, we can build a constructive proof of $\Gamma \vdash \neg\neg B$. Let $\Delta = \Gamma, \neg B, \neg\neg A \Rightarrow \neg\neg B$; as in (1), adding hypotheses to all the sequents of the given proofs yields proofs of $\Delta \vdash \neg\neg A$ and of $\Gamma, \neg B \vdash \neg\neg(\neg\neg A \Rightarrow \neg\neg B)$, which are the two unlabeled leaves below.

$$\dfrac{\dfrac{\dfrac{\dfrac{\dfrac{}{\Delta \vdash \neg\neg A \Rightarrow \neg\neg B}\ \text{Axiom} \quad \Delta \vdash \neg\neg A}{\Delta \vdash \neg\neg B}\ \Rightarrow\text{-elim} \qquad \dfrac{}{\Delta \vdash \neg B}\ \text{Axiom}}{\Gamma, \neg B, \neg\neg A \Rightarrow \neg\neg B \vdash \bot}\ \neg\text{-elim}}{\Gamma, \neg B \vdash \neg(\neg\neg A \Rightarrow \neg\neg B)}\ \neg\text{-intro} \qquad \Gamma, \neg B \vdash \neg\neg(\neg\neg A \Rightarrow \neg\neg B)}{\Gamma, \neg B \vdash \bot}\ \neg\text{-elim}}{\Gamma \vdash \neg\neg B}\ \neg\text{-intro}$$
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(3) We check that if $A$ is a proposition, then the proposition $\neg\neg(A \vee \neg A)$ has a constructive proof. The proof tree, read from its leaves to its root, is the following.

From $\neg(A \vee \neg A), A \vdash A$ (axiom), by $\vee$-intro we get $\neg(A \vee \neg A), A \vdash A \vee \neg A$.

From this sequent and $\neg(A \vee \neg A), A \vdash \neg(A \vee \neg A)$ (axiom), by $\neg$-elim we get $\neg(A \vee \neg A), A \vdash \bot$.

By $\neg$-intro we get $\neg(A \vee \neg A) \vdash \neg A$, and by $\vee$-intro $\neg(A \vee \neg A) \vdash A \vee \neg A$.

From this sequent and $\neg(A \vee \neg A) \vdash \neg(A \vee \neg A)$ (axiom), by $\neg$-elim we get $\neg(A \vee \neg A) \vdash \bot$.

By $\neg$-intro we get $\vdash \neg\neg(A \vee \neg A)$.



(4) Then, we show that if $\Gamma \vdash A$ has a proof $\pi$ then $\Gamma' \vdash A'$ has a constructive proof, by induction over the height of $\pi$. If the last rule of $\pi$ is an axiom then we use the axiom rule, if the last rule is an introduction rule then we use lemma (1), if it is an elimination rule then we use lemma (2), and if it is the excluded middle rule, we use lemma (3).

(5) Conversely, we show that the proposition $A \Leftrightarrow \neg\neg A$ has a (not necessarily constructive) proof and we deduce that $A \Leftrightarrow A'$ has a (not necessarily constructive) proof and that if $\Gamma' \vdash A'$ has a constructive proof then $\Gamma \vdash A$ has a (not necessarily constructive) proof.

Remark. In these course notes, we shall mainly focus on constructive proofs. 
This does not mean that we renounce the non constructive proofs, but that non 
constructive proofs of a proposition A are understood as constructive proofs of 
its negative translation. 



1.3 Models 

Definition 1.3.1 (Structure) Let $\mathcal{L}$ be a language formed with the function symbols $f_0, f_1, \ldots$ of number of arguments $n_0, n_1, \ldots$ and the predicate symbols $P_0, P_1, \ldots$ of number of arguments $m_0, m_1, \ldots$. A structure $\mathcal{M}$ built on $\mathcal{L}$ is a $n$-uple formed with

• a non empty set $M$,

• a function $\hat{f}_0$ from $M^{n_0}$ to $M$, a function $\hat{f}_1$ from $M^{n_1}$ to $M$, ...

• a function $\hat{P}_0$ from $M^{m_0}$ to $\{0, 1\}$, a function $\hat{P}_1$ from $M^{m_1}$ to $\{0, 1\}$, ...

Definition 1.3.2 (Assignment) An assignment over the set of variables $V$ is a function from $V$ to $M$. If $\phi$ is an assignment, $x$ a variable and $a$ an element of $M$, then $\phi + (x, a)$ is the assignment mapping $x$ to $a$ and $y$ to $\phi(y)$ when $y$ is distinct from $x$.

Definition 1.3.3 (Denotation) Let $\mathcal{L}$ be a language, $V$ be a set of variables and $\mathcal{M}$ be a structure built on $\mathcal{L}$. Let $\phi$ be an assignment and $t$ be a term (resp. a proposition), the denotation of $t$ in $\mathcal{M}$ modulo $\phi$ is defined by induction over the height of $t$.
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$|x|_\phi = \phi(x)$,

$|f_i(t_1, \ldots, t_{n_i})|_\phi = \hat{f}_i(|t_1|_\phi, \ldots, |t_{n_i}|_\phi)$,

$|P_i(t_1, \ldots, t_{m_i})|_\phi = \hat{P}_i(|t_1|_\phi, \ldots, |t_{m_i}|_\phi)$,

$|\top|_\phi = 1$,

$|\bot|_\phi = 0$,

$|\neg A|_\phi = 1$ if $|A|_\phi = 0$, and $0$ otherwise,

$|A \wedge B|_\phi = 1$ if $|A|_\phi = 1$ and $|B|_\phi = 1$, and $0$ otherwise,

$|A \vee B|_\phi = 1$ if $|A|_\phi = 1$ or $|B|_\phi = 1$, and $0$ otherwise,

$|A \Rightarrow B|_\phi = 1$ if $|A|_\phi = 0$ or $|B|_\phi = 1$, and $0$ otherwise,

$|\forall x\ A|_\phi = 1$ if for all elements $a$ of $M$, $|A|_{\phi + (x, a)} = 1$, and $0$ otherwise,

$|\exists x\ A|_\phi = 1$ if there is an element $a$ of $M$ such that $|A|_{\phi + (x, a)} = 1$, and $0$ otherwise.

Definition 1.3.4 (Validity, model) Let $\mathcal{L}$ be a language, $V$ be a set of variables and $\mathcal{M}$ be a structure built on $\mathcal{L}$. A proposition $P$ is valid in $\mathcal{M}$ if for all assignments $\phi$, $|P|_\phi = 1$. A theory $T$ is valid in $\mathcal{M}$ if all its axioms are valid. The structure $\mathcal{M}$ is a model of $T$ if $T$ is valid in $\mathcal{M}$.

Proposition 1.3.1 (Soundness) Let $T$ be a theory. If the proposition $P$ has a proof in $T$, then it is valid in all the models of $T$.

Proof. By induction over the height of a proof of $P$ in $T$.

Corollary 1.3.2 If the theory $T$ has a model in which $P$ is not valid then $P$ has no proof in $T$.

Corollary 1.3.3 If $T$ has a model then $T$ is consistent.

Example 1.3.1 Consider the language containing two predicate symbols $=$ and $<$ of two arguments. Consider the theory $O$ formed with the axioms of equality and

$\forall x\ (x < x)$

$\forall x\ \forall y\ ((x < y \wedge y < x) \Rightarrow x = y)$

$\forall x\ \forall y\ \forall z\ ((x < y \wedge y < z) \Rightarrow x < z)$

From these axioms we cannot deduce the proposition

$\forall x\ \forall y\ (x < y \vee y < x)$

Indeed, consider the structure $\mathcal{M} = (\mathbb{N}, \hat{=}, \hat{<})$ where $\hat{=}(n, m) = 1$ if $n = m$ and $0$ otherwise, $\hat{<}(n, m) = 1$ if $n$ is a divisor of $m$ and $0$ otherwise. The structure $\mathcal{M}$ is a model of $O$. But it is not a model of the proposition $\forall x\ \forall y\ (x < y \vee y < x)$, because 2 is not a divisor of 3 and 3 is not a divisor of 2.
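The following is an added example (not part of the course notes): the denotation of Definition 1.3.3 computed over a finite structure, applied to the theory $O$ and the divisibility structure of Example 1.3.1. The encoding of terms and propositions is an assumption of the example, and since $\mathbb{N}$ is infinite the domain is cut to the constructed approximation $\{1, \ldots, 12\}$, which already contains the counter-example 2, 3.

```python
# Added example, not from the course notes: |A|_phi of Definition 1.3.3 over a
# finite structure, used on Example 1.3.1. Encoding and the finite domain
# {1..12} (a constructed cut of N) are assumptions of this example.
from itertools import product

# Terms: a variable is a str, an application is ('fun', name, t1, ..., tn).
# Propositions: ('pred', name, t1, ..., tn), ('top',), ('bot',), ('not', A),
# ('and', A, B), ('or', A, B), ('imp', A, B), ('forall', x, A), ('exists', x, A).

def denote_term(t, structure, phi):
    if isinstance(t, str):
        return phi[t]                                    # |x|_phi = phi(x)
    _, name, *args = t
    return structure['functions'][name](*(denote_term(a, structure, phi) for a in args))

def denote(A, structure, phi):
    """|A|_phi in {0, 1}, by induction over the height of A."""
    kind = A[0]
    if kind == 'pred':
        _, name, *args = A
        return structure['predicates'][name](*(denote_term(a, structure, phi) for a in args))
    if kind == 'top':
        return 1
    if kind == 'bot':
        return 0
    if kind == 'not':
        return 1 if denote(A[1], structure, phi) == 0 else 0
    if kind == 'and':
        return 1 if denote(A[1], structure, phi) == 1 and denote(A[2], structure, phi) == 1 else 0
    if kind == 'or':
        return 1 if denote(A[1], structure, phi) == 1 or denote(A[2], structure, phi) == 1 else 0
    if kind == 'imp':
        return 1 if denote(A[1], structure, phi) == 0 or denote(A[2], structure, phi) == 1 else 0
    if kind == 'forall':                                 # phi + (x, a) for every a in M
        return 1 if all(denote(A[2], structure, {**phi, A[1]: a}) == 1
                        for a in structure['domain']) else 0
    if kind == 'exists':
        return 1 if any(denote(A[2], structure, {**phi, A[1]: a}) == 1
                        for a in structure['domain']) else 0
    raise ValueError(f"unknown proposition {A!r}")

def free_vars(A):
    kind = A[0]
    if kind in ('pred', 'fun'):
        out = set()
        for t in A[2:]:
            out |= {t} if isinstance(t, str) else free_vars(t)
        return out
    if kind in ('top', 'bot'):
        return set()
    if kind in ('forall', 'exists'):
        return free_vars(A[2]) - {A[1]}
    return set().union(*(free_vars(B) for B in A[1:]))

def counterexample(A, structure):
    """An assignment phi of the free variables with |A|_phi = 0, or None."""
    xs = sorted(free_vars(A))
    for values in product(structure['domain'], repeat=len(xs)):
        phi = dict(zip(xs, values))
        if denote(A, structure, phi) == 0:
            return phi
    return None

def valid(A, structure):
    """Definition 1.3.4: |A|_phi = 1 for every assignment phi."""
    return counterexample(A, structure) is None

# The structure M = (N, =^, <^) of Example 1.3.1, <^ read as "is a divisor of".
DIVISIBILITY = {
    'domain': range(1, 13),                              # constructed finite cut of N
    'functions': {},
    'predicates': {'=': lambda n, m: 1 if n == m else 0,
                   '<': lambda n, m: 1 if m % n == 0 else 0},
}

def lt(x, y):
    return ('pred', '<', x, y)

# The three order axioms of O and the proposition that O cannot prove.
ORDER_AXIOMS = [
    ('forall', 'x', lt('x', 'x')),
    ('forall', 'x', ('forall', 'y', ('imp', ('and', lt('x', 'y'), lt('y', 'x')),
                                     ('pred', '=', 'x', 'y')))),
    ('forall', 'x', ('forall', 'y', ('forall', 'z',
        ('imp', ('and', lt('x', 'y'), lt('y', 'z')), lt('x', 'z'))))),
]
TOTALITY = ('forall', 'x', ('forall', 'y', ('or', lt('x', 'y'), lt('y', 'x'))))

def is_model_of_O():
    return all(valid(ax, DIVISIBILITY) for ax in ORDER_AXIOMS)

def totality_fails_at():
    """An assignment witnessing that M is not a model of forall x forall y (x < y or y < x)."""
    return counterexample(('or', lt('x', 'y'), lt('y', 'x')), DIVISIBILITY)
```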
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Remark. The first use of the notion of model to prove that some proposition has 
no proof in a theory is probably that of F. Klein who has built in 1871 a model 
of all the axioms of Euclid's geometry except the axiom of parallels, showing 
that the axiom of parallels cannot be deduced from the other axioms of Euclid's 
geometry. (However the notion of model has only been defined by A. Tarski, 
more than fifty years later, in 1936). 

The soundness theorem has a converse we shall not prove here. 

Proposition 1.3.4 (Gödel's completeness theorem) Let $T$ be a theory. If the proposition $P$ is valid in all the models of $T$ then it has a proof in $T$.

Remark. The soundness theorem holds also for constructive proofs. But not the completeness theorem. For instance, let $P$ be a proposition symbol (i.e. a predicate symbol of zero arguments). We shall see (exercise 4.1.1) that the proposition $P \vee \neg P$ has no constructive proof, but it is valid in all models. The notion of model needs to be adapted for constructive proofs.

Remark. In proof theory, the notion of model is mostly used to prove independence results, i.e. that some propositions have no proof in some theories. The notion of model is also used in algebra. For instance, ordered sets can be defined as the models of the theory $O$ of example 1.3.1. Groups can also be defined as the models of some theory, but it can be shown that Archimedean complete ordered fields cannot be defined as the models of some theory. This fact may be used to prove, for instance, that there are ordered sets or groups of all infinite cardinals, while it is known that all Archimedean complete ordered fields are isomorphic to $\mathbb{R}$ and thus that they all have cardinal $2^{\aleph_0}$. The branch of mathematics that studies these applications of logic to algebra is called model theory.

Remark. A common misconception is that the notion of model can be used, as 
an alternative to the notion of proof, to define the notion of mathematical truth, 
i.e. that instead of saying that a proposition is true if it has a proof, we could 
say that it is true if it is valid in all models. The problem with such a definition 
of truth is that, unlike the fact that a tree is a proof of some proposition, the 
fact that a proposition is valid in all models is not self evident, i.e. it cannot 
be checked in an algorithmic way. Thus, the fact that some proposition is valid 
in all models must itself be justified by some argument. Thus, such a definition 
of truth reduces the question of the truth of the proposition "P" to that of the 
proposition "the proposition P is valid in all models" and trying to justify some 
proposition we enter into an infinite regression. 

Remark. (Many-valued model) In the definition 1.3.1, the truth value $0$ is used as denotation of non valid propositions, and the truth value $1$ as denotation of valid propositions. This definition can be extended by adding other truth values. A common extension is to take a third value for propositions whose validity is unknown in this model.
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Chapter 2 

Extensions of predicate 
logic 

2.1 Many-sorted predicate logic 

In some theories, we want to distinguish several sorts of objects. For instance, in a language with the individual symbols Finnish, English, French, Finland, United-Kingdom, Ireland, France and a predicate L, we can form the propositions

L(Finnish, Finland)
L(English, United-Kingdom)
L(English, Ireland)
L(French, France)

expressing that Finnish is an official language of Finland, ... In this theory, 
we can also form the unwanted proposition 

L(Finland, Finland) 

An extension of predicate logic permits to restrict the term and proposition 
formation rules, in such a way that such unwanted propositions are avoided. 

Definition 2.1.1 (Many-sorted language) A language is a set of sorts, a set of function symbols and a set of predicate symbols. To each function symbol is associated an $(n+1)$-uple of sorts $(s_1, \ldots, s_n, s_{n+1})$ called its rank and to each predicate symbol is associated a $n$-uple of sorts $(s_1, \ldots, s_n)$ called its rank.

Definition 2.1.2 (Term in a many-sorted language) Let $\mathcal{L}$ be a many-sorted language and $V_s$ be a family of disjoint infinite sets indexed by sorts. The terms of the language $\mathcal{L}$ with variables $V_s$ are defined by the following rules

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• if $x$ is a variable of $V_s$ then the tree whose root is labeled by $x$ and that has no sub-tree is a term of sort $s$,

• if $f$ is a function symbol of rank $(s_1, \ldots, s_n, s_{n+1})$ and $t_1, \ldots, t_n$ are terms of sort $s_1, \ldots, s_n$ then the tree whose root is labeled by $f$ and whose sub-trees are $t_1, \ldots, t_n$ is a term of sort $s_{n+1}$.

Definition 2.1.3 (Proposition in a many-sorted language) Let $\mathcal{L}$ be a many-sorted language and $V_s$ be a family of disjoint infinite sets indexed by sorts. The propositions of the language $\mathcal{L}$ with variables $V_s$ are defined by the following rules

• if $P$ is a predicate symbol of rank $(s_1, \ldots, s_n)$ and $t_1, \ldots, t_n$ are terms of sort $s_1, \ldots, s_n$, then the tree whose root is labeled by $P$ and whose sub-trees are $t_1, \ldots, t_n$ is a proposition,

• the trees whose root are labeled by $\top$ and $\bot$ and that have no sub-tree are propositions,

• if $A$ is a proposition then the tree whose root is labeled by $\neg$ and whose sub-tree is $A$ is a proposition,

• if $A$ and $B$ are propositions then the trees whose root are labeled by $\wedge$, $\vee$ or $\Rightarrow$ and whose sub-trees are $A$ and $B$ are propositions,

• if $A$ is a proposition and $x$ a variable then the trees whose root are labeled by $\forall x$ and $\exists x$ and whose sub-tree is $A$ are propositions.

The definition of a substitution is restricted in such a way that a variable of sort $s$ can only be substituted by a term of sort $s$. The proof rules are the same as in ordinary predicate logic.

Definition 2.1.4 (Structure in a many-sorted language) Let $\mathcal{L}$ be a language formed with the sorts $s_0, s_1, \ldots$, the function symbols $f_0, f_1, \ldots$ and the predicate symbols $P_0, P_1, \ldots$. A structure $\mathcal{M}$ built on $\mathcal{L}$ is a $n$-uple formed with

• a family of non empty sets $M_{s_0}, M_{s_1}, \ldots$

• a function $\hat{f}_0$ from $M_{s_1} \times \ldots \times M_{s_n}$ to $M_{s_{n+1}}$ where $(s_1, \ldots, s_n, s_{n+1})$ is the rank of $f_0$, a function $\hat{f}_1$ ...

• a function $\hat{P}_0$ from $M_{s_1} \times \ldots \times M_{s_n}$ to $\{0, 1\}$ where $(s_1, \ldots, s_n)$ is the rank of $P_0$, a function $\hat{P}_1$ ...

The denotation of a term and a proposition is defined in the same way as in ordinary predicate logic, with the extra condition that in the case of quantifiers, the object $a$ belongs to $M_s$ where $s$ is the sort of the quantified variable.
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Proposition 2.1.1 (Soundness and completeness) A proposition has a proof 
in a theory if and only if it is valid in all the models of this theory. 

Remark. Predicate logic is a particular case of many-sorted predicate logic with 
a single sort. 

2.2 Predicate logic modulo 

In predicate logic, proofs are sequences of deduction steps. The idea of predicate logic modulo is that a proof is not a sequence of deduction steps, but a sequence of deduction steps and of computation steps. For instance, in arithmetic, to prove the proposition

$\exists x\ (2 \times x = 4)$

we use the $\exists$-intro rule and we are reduced to prove the proposition $2 \times 2 = 4$. Then, we have to use the axioms of addition and multiplication to prove this proposition. In predicate logic modulo, we can simply compute the term $2 \times 2$ and obtain the proposition $4 = 4$ that can easily be proved with the identity axiom.

2.2.1 Deduction rules 

Definition 2.2.1 A relation $\equiv$ defined on terms and propositions of a language is a congruence if

• it is an equivalence relation,

• it is compatible with all function symbols, predicate symbols, connectors and quantifiers, i.e. if $t \equiv u$ then $f(t) \equiv f(u)$, if $A \equiv B$ and $A' \equiv B'$ then $A \wedge A' \equiv B \wedge B'$, if $A \equiv B$ then $\forall x\ A \equiv \forall x\ B$, ...

In predicate logic modulo a theory is formed with a set of axioms $\Gamma$ such that the membership of some proposition to this set can be decided in an algorithmic way and a congruence $\equiv$ on terms and propositions such that the equivalence of two propositions can be decided in an algorithmic way. Before or after each deduction step, we can transform the proved proposition into any equivalent one. The deduction rules are thus modified to take these computations into account. These rules permit to prove sequents of the form $\Gamma \vdash_\equiv A$. A proposition $A$ is said to have a proof in the theory $\Gamma, \equiv$ if the sequent $\Gamma \vdash_\equiv A$ has a proof with the following deduction rules.

Definition 2.2.2 (Deduction rules modulo)

$\dfrac{}{\Gamma \vdash_\equiv B}$ Axiom if $A \in \Gamma$ and $A \equiv B$

$\dfrac{}{\Gamma \vdash_\equiv A}$ $\top$-intro if $A \equiv \top$

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$\dfrac{\Gamma \vdash_\equiv B}{\Gamma \vdash_\equiv A}$ $\bot$-elim if $B \equiv \bot$

$\dfrac{\Gamma, A \vdash_\equiv B}{\Gamma \vdash_\equiv C}$ $\neg$-intro if $B \equiv \bot$ and $C \equiv \neg A$

$\dfrac{\Gamma \vdash_\equiv C \quad \Gamma \vdash_\equiv A}{\Gamma \vdash_\equiv B}$ $\neg$-elim if $C \equiv \neg A$ and $B \equiv \bot$

$\dfrac{\Gamma \vdash_\equiv A \quad \Gamma \vdash_\equiv B}{\Gamma \vdash_\equiv C}$ $\wedge$-intro if $C \equiv (A \wedge B)$

$\dfrac{\Gamma \vdash_\equiv C}{\Gamma \vdash_\equiv A}$ $\wedge$-elim if $C \equiv (A \wedge B)$

$\dfrac{\Gamma \vdash_\equiv C}{\Gamma \vdash_\equiv B}$ $\wedge$-elim if $C \equiv (A \wedge B)$

$\dfrac{\Gamma \vdash_\equiv A}{\Gamma \vdash_\equiv C}$ $\vee$-intro if $C \equiv (A \vee B)$

$\dfrac{\Gamma \vdash_\equiv B}{\Gamma \vdash_\equiv C}$ $\vee$-intro if $C \equiv (A \vee B)$

$\dfrac{\Gamma \vdash_\equiv D \quad \Gamma, A \vdash_\equiv C \quad \Gamma, B \vdash_\equiv C}{\Gamma \vdash_\equiv C}$ $\vee$-elim if $D \equiv (A \vee B)$

$\dfrac{\Gamma, A \vdash_\equiv B}{\Gamma \vdash_\equiv C}$ $\Rightarrow$-intro if $C \equiv (A \Rightarrow B)$

$\dfrac{\Gamma \vdash_\equiv C \quad \Gamma \vdash_\equiv A}{\Gamma \vdash_\equiv B}$ $\Rightarrow$-elim if $C \equiv (A \Rightarrow B)$

$\dfrac{\Gamma \vdash_\equiv A}{\Gamma \vdash_\equiv B}$ $(x, A)$ $\forall$-intro if $B \equiv (\forall x\ A)$ and $x \notin FV(\Gamma)$

$\dfrac{\Gamma \vdash_\equiv B}{\Gamma \vdash_\equiv C}$ $(x, A, t)$ $\forall$-elim if $B \equiv (\forall x\ A)$ and $C \equiv (t/x)A$

$\dfrac{\Gamma \vdash_\equiv C}{\Gamma \vdash_\equiv B}$ $(x, A, t)$ $\exists$-intro if $B \equiv (\exists x\ A)$ and $C \equiv (t/x)A$

$\dfrac{\Gamma \vdash_\equiv C \quad \Gamma, A \vdash_\equiv B}{\Gamma \vdash_\equiv B}$ $(x, A)$ $\exists$-elim if $C \equiv (\exists x\ A)$ and $x \notin FV(\Gamma, B)$

$\dfrac{}{\Gamma \vdash_\equiv A}$ Excluded middle if $A \equiv (B \vee \neg B)$

Proposition 2.2.1 (Equivalence) For every congruence $\equiv$ there is a theory $\mathcal{T}$ such that $\Gamma \vdash_\equiv A$ if and only if $\Gamma, \mathcal{T} \vdash A$.

Proof. We take, for instance, all the axioms of the form $\forall x_1 \ldots \forall x_n\ (A \Leftrightarrow B)$ where $A \equiv B$.

Definition 2.2.3 (Model of a theory modulo) A structure $\mathcal{M}$ is a model of a theory modulo $\Gamma, \equiv$ if all the axioms of $\Gamma$ are valid in $\mathcal{M}$ and each time two terms (resp. propositions) are congruent they have the same denotation in $\mathcal{M}$.

Proposition 2.2.2 (Soundness and completeness) A proposition has a proof in a theory if and only if it is valid in all the models of this theory.
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2.2.2 Congruences defined by rewrite rules

Congruences used in predicate logic modulo are often defined by rewrite systems.

Definition 2.2.4 (Rewrite rule, rewrite system) A rewrite rule is an ordered pair of terms or an ordered pair of propositions $(l, r)$ written $l \rightarrow r$. A rewrite system is a set of rewrite rules.

Definition 2.2.5 (Redex) Let $\mathcal{R}$ be a rewrite system and $t$ be a term. The term $t$ is a redex (reducible expression) if there exists a rule $l \rightarrow r$ in $\mathcal{R}$ and a substitution $\sigma$ such that $t = \sigma l$. A term $t$ is said to contain a redex if one of its sub-terms is a redex.

Definition 2.2.6 (One step reduction) Let $\mathcal{R}$ be a rewrite system. A term (resp. a proposition) $t$ reduces to a term (resp. a proposition) $u$ in one step ($t \rightarrow^1 u$) if there is a sub-term $t'$ of $t$ and a substitution $\sigma$ such that $t' = \sigma l$ and $u$ is obtained by replacing in $t$ the sub-term $t'$ by the term $\sigma r$.

Definition 2.2.7 (Reduction sequence) Let $\mathcal{R}$ be a rewrite system. A reduction sequence is a finite or infinite sequence of terms (resp. propositions) $t_0, t_1, \ldots$ such that for every $i$, $t_i \rightarrow^1 t_{i+1}$.

Definition 2.2.8 (Reduction) Let $\mathcal{R}$ be a rewrite system. A term (resp. a proposition) $t$ reduces to a term (resp. a proposition) $u$ ($t \rightarrow u$) if there is a finite reduction sequence starting on $t$ and ending on $u$.

Definition 2.2.9 (Congruence sequence) Let $\mathcal{R}$ be a rewrite system. A congruence sequence is a finite or infinite sequence of terms (resp. propositions) $t_0, t_1, \ldots$ such that for every $i$, $t_i \rightarrow^1 t_{i+1}$ or $t_{i+1} \rightarrow^1 t_i$.

Definition 2.2.10 (Congruence) Let $\mathcal{R}$ be a rewrite system. Two terms (resp. two propositions) $t$ and $u$ are congruent if there is a finite congruence sequence starting on $t$ and ending on $u$.

Definition 2.2.11 (Normal term) A term (resp. a proposition) is normal if it contains no redex. A term (resp. a proposition) $u$ is a normal form of a term (resp. a proposition) $t$ if $t \rightarrow u$ and $u$ is normal.

Definition 2.2.12 (Terminating) A term (resp. a proposition) is terminating if it has a normal form, i.e. if there exists a finite reduction sequence starting on this term and ending on a normal term. It is strongly terminating if all reduction sequences issued from this term are finite.

A rewrite system is terminating (resp. strongly terminating) if all terms and all propositions are terminating (resp. strongly terminating).

Definition 2.2.13 (Confluent) A rewrite system is confluent if whenever a term (resp. proposition) $t$ reduces to two terms (resp. propositions) $u_1$ and $u_2$, then there exists a term (resp. proposition) $v$ such that $u_1$ reduces to $v$ and $u_2$ reduces to $v$.
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Proposition 2.2.3 In a confluent rewrite system, two terms (resp. two propositions) are congruent if and only if they reduce to a common term.

Proof. By induction on the length of the congruence sequence.

Proposition 2.2.4 In a confluent rewrite system a term has at most one normal form.

Proof. If $u_1$ and $u_2$ are normal forms of $t$, then $t \rightarrow u_1$ and $t \rightarrow u_2$. By confluence, there exists a term $v$ such that $u_1 \rightarrow v$ and $u_2 \rightarrow v$. As $u_1$ and $u_2$ are normal, $u_1 = v = u_2$.

Proposition 2.2.5 In a terminating and confluent rewrite system a term has exactly one normal form, and this normal form can be computed from the term.

Proof. Termination yields existence and confluence unicity. To compute the normal form, it is sufficient to reduce the term until a normal form is reached.

Proposition 2.2.6 In a terminating and confluent rewrite system two terms (resp. propositions) are congruent if they have the same normal form.

Proof. If the two terms have the same normal form, then they are congruent. If they are congruent, so are their normal forms and these two normal forms reduce to a common term. Hence they are equal.

Proposition 2.2.7 In a terminating and confluent rewrite system, the congruence can be checked in an algorithmic way.

Proof. Congruence can be checked by computing the normal forms and checking their identity.

Example 2.2.1 (Arithmetic in predicate logic modulo) To formulate arithmetic in predicate logic modulo, we can keep the axioms of equality and the axioms

$\forall x\ \forall y\ (Su(x) = Su(y) \Rightarrow x = y)$

$\forall x\ \neg(0 = Su(x))$

$((0/z)A \wedge (\forall x\ ((x/z)A \Rightarrow (Su(x)/z)A))) \Rightarrow \forall y\ (y/z)A$

and replace the axioms

$\forall y\ (0 + y = y)$

$\forall x\ \forall y\ (Su(x) + y = Su(x + y))$

$\forall y\ (0 \times y = 0)$

$\forall x\ \forall y\ (Su(x) \times y = (x \times y) + y)$

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by the rewrite rules

$0 + y \rightarrow y$

$Su(x) + y \rightarrow Su(x + y)$

$0 \times y \rightarrow 0$

$Su(x) \times y \rightarrow x \times y + y$

Exercise 2.2.1 Give a proof of the proposition $\exists x\ (2 \times x = 4)$.
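The following is an added example (not part of the course notes): a small first-order rewriting engine for Definitions 2.2.5 to 2.2.11 and Proposition 2.2.7, run on the four rewrite rules of Example 2.2.1 to carry out the computation step of Exercise 2.2.1. The term encoding (a variable is a string, an application is a tuple headed by its symbol) and the unary numerals are assumptions of the example.

```python
# Added example, not from the course notes: first-order rewriting (Definitions
# 2.2.5 to 2.2.11) on the rules of Example 2.2.1. The term encoding (a variable
# is a str, an application is (symbol, arg1, ..., argn)) and the numerals
# built from 0 and Su are assumptions of this example.

def match(pattern, term, sigma=None):
    """Substitution sigma with sigma(pattern) == term, or None (Definition 2.2.5)."""
    sigma = {} if sigma is None else sigma
    if isinstance(pattern, str):                       # rule variable
        if pattern in sigma:
            return sigma if sigma[pattern] == term else None
        sigma[pattern] = term
        return sigma
    if isinstance(term, str) or pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        if match(p, t, sigma) is None:
            return None
    return sigma

def subst(sigma, term):
    if isinstance(term, str):
        return sigma.get(term, term)
    return (term[0],) + tuple(subst(sigma, a) for a in term[1:])

def reduce_one(term, rules):
    """One reduction step (Definition 2.2.6), leftmost-outermost; None if term is normal."""
    for lhs, rhs in rules:
        sigma = match(lhs, term)
        if sigma is not None:
            return subst(sigma, rhs)                   # the term itself is a redex
    if isinstance(term, str):
        return None
    for i in range(1, len(term)):                      # otherwise look inside the sub-terms
        r = reduce_one(term[i], rules)
        if r is not None:
            return term[:i] + (r,) + term[i + 1:]
    return None

def normal_form(term, rules, max_steps=10_000):
    """Follows a reduction sequence until a normal term (Definition 2.2.11)."""
    for _ in range(max_steps):
        nxt = reduce_one(term, rules)
        if nxt is None:
            return term
        term = nxt
    raise RuntimeError("no normal form reached; is the system terminating?")

def congruent(t, u, rules):
    """Proposition 2.2.7: in a terminating confluent system, compare normal forms."""
    return normal_form(t, rules) == normal_form(u, rules)

ZERO = ('0',)
ARITH = [                                              # the rules of Example 2.2.1
    (('+', ZERO, 'y'), 'y'),                           # 0 + y -> y
    (('+', ('Su', 'x'), 'y'), ('Su', ('+', 'x', 'y'))),      # Su(x) + y -> Su(x + y)
    (('*', ZERO, 'y'), ZERO),                          # 0 * y -> 0
    (('*', ('Su', 'x'), 'y'), ('+', ('*', 'x', 'y'), 'y')),  # Su(x) * y -> x * y + y
]

def numeral(n):
    t = ZERO
    for _ in range(n):
        t = ('Su', t)
    return t

def to_int(t):
    """Inverse of numeral; None if t is not a closed numeral."""
    n = 0
    while t != ZERO:
        if isinstance(t, str) or t[0] != 'Su':
            return None
        t, n = t[1], n + 1
    return n

def exercise_2_2_1():
    """After exists-intro with t = 2, the goal 2 * 2 = 4 must be congruent to
    4 = 4, which the identity axiom (modulo) then closes."""
    goal = ('=', ('*', numeral(2), numeral(2)), numeral(4))
    return congruent(goal, ('=', numeral(4), numeral(4)), ARITH)
```

A normal term is not always a numeral: `z + 0` contains no redex (there is no rule for `x + 0`), so it is its own normal form.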

2.3 Binding logic 

In mathematics, we use the notation $x \mapsto x + 2$ to designate the function that maps $x$ to $x + 2$. Such a symbol is said to be a binder, because the variable $x$ that is free in $x + 2$ is bound in $x \mapsto x + 2$. In predicate logic the only binders are the quantifiers $\forall$ and $\exists$ that bind variables in propositions, but there is no way to bind variables in terms and so, there is no way to form a term such as

$x \mapsto x + 2$.

Binding logic is an extension of predicate logic where function symbols and predicate symbols can bind variables in their arguments. To each function symbol or predicate symbol of $n$ arguments is associated a rank $(k_1, \ldots, k_n)$ where $k_1, \ldots, k_n$ are natural numbers. Then, if $f$ has the rank $(k_1, \ldots, k_n)$ and $t_1, \ldots, t_n$ are terms, we can form the term

$f(x^1_1 \ldots x^1_{k_1}\ t_1, \ldots, x^n_1 \ldots x^n_{k_n}\ t_n)$

where $x^1_1, \ldots, x^1_{k_1}$ are bound in the term $t_1$, ..., $x^n_1, \ldots, x^n_{k_n}$ are bound in the term $t_n$.

In many-sorted binding logic a rank is a sequence of sequences of sorts. Then, when a function symbol $f$ has the rank

$((s^1_1, \ldots, s^1_{k_1}, s^1_{k_1+1}), \ldots, (s^n_1, \ldots, s^n_{k_n}, s^n_{k_n+1}), s)$,

$x^1_1, \ldots, x^1_{k_1}$ are variables of sorts $s^1_1, \ldots, s^1_{k_1}$, ..., $x^n_1, \ldots, x^n_{k_n}$ are variables of sorts $s^n_1, \ldots, s^n_{k_n}$ and $t_1, \ldots, t_n$ are terms of sorts $s^1_{k_1+1}, \ldots, s^n_{k_n+1}$ then the sort of the term $f(x^1_1 \ldots x^1_{k_1}\ t_1, \ldots, x^n_1 \ldots x^n_{k_n}\ t_n)$ is $s$.

Substitution is modified in such a way that bound variables are renamed to avoid capture. Proof rules are the same as in predicate logic or predicate logic modulo. A notion of model can also be defined for binding logic, but we shall not present it here.
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Chapter 3 

Type theory 



In arithmetic, (example 1.2.3), we can speak about the natural numbers but not 
about the functions mapping natural numbers to natural numbers nor about the 
sets of natural numbers. Thus, arithmetic is not sufficient to express mathemat- 
ics and we need to build more expressive theories. Set theory and type theory 
(also called higher-order logic) are such theories. 

3.1 Naive set theory 

In the language of arithmetic, the symbol $Su$ is a function symbol, thus, it may be used to form terms, such as $Su(0)$, but it is not itself a term. If we want to be able to speak about the function $Su$, we need the symbol $Su$ to be a term and hence an individual symbol. When $Su$ is an individual symbol, we cannot form the term $Su(0)$ anymore. Hence, we need to introduce a new function symbol $a$ for the application of a function to its argument and write this term $a(Su, 0)$.

We could also introduce a function symbol $a_2$ for functions of two arguments, but this is not needed. Indeed, a function $f$ of two arguments can always be seen as a function of one argument that maps $x$ to the function that maps $y$ to $f(x, y)$. Thus instead of writing $a_2(f, x, y)$ we can write $a(a(f, x), y)$.

To ease notations we shall write $(f\ x)$ for the term $a(f, x)$ and $(f\ x_1 \ldots x_n)$ for the term $(\ldots(f\ x_1) \ldots x_n)$.

In the same way, we want the symbols designating predicates (sets), to be terms and hence individual symbols, for instance if the individual symbol $prime$ designates the set of prime numbers, to express that the number 2 is prime, we cannot write $prime(2)$, but we need to introduce a new predicate symbol $\in$ and write this proposition $2 \in prime$.

For terms expressing predicates of several arguments to be terms, we must also introduce symbols $\in_2$, $\in_3$, ... For predicates of zero arguments (i.e. propositions) to be terms, we must introduce a predicate symbol $\in_0$, also written $\varepsilon$. The proposition $\in_2(R, x, y)$ expresses that $x$ and $y$ are related by the predicate of two arguments (relation) $R$. The proposition $\varepsilon(E)$ expresses that the predicate
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of zero argument $E$ is true. The only difference between $E$ and $\varepsilon(E)$ is that $E$ is a term (designating an object) while $\varepsilon(E)$ is a proposition (expressing a fact). The object $E$ may be called the propositional content of the proposition $\varepsilon(E)$.

The notions of function and set are redundant. We can express a function as a functional relation (its graph), i.e. as a set of ordered pairs. In this case, we just need the symbol $\in$.

Conversely, we can define a set as its characteristic function, i.e. as the function mapping its argument $x$ to the propositional content of the fact that $x$ belongs to the set. In this case, we just need the symbols $a$ and $\varepsilon$. If $E$ is a set and $x$ an object, the propositional content of the fact that $x$ belongs to $E$ is designated by the term $(E\ x)$ and the fact that $x$ belongs to $E$ is expressed by the proposition $\varepsilon(E\ x)$. Thus, the proposition $x \in E$ is written $\varepsilon(E\ x)$. In the same way, the proposition $\in_2(R, x, y)$ is written $\varepsilon(R\ x\ y)$, ...

Let us now turn to the making of functions and sets. Whenever we have a term $t$ and variables $x_1, \ldots, x_n$, we want to consider the function $x_1, \ldots, x_n \mapsto t$, for instance the function $x \mapsto (3 \times x)$. This function is such that we get back $t$ when we apply it to $x_1, \ldots, x_n$. Whenever we have a proposition $P$ and variables $x_1, \ldots, x_n$, we want to build the predicate $\{x_1, \ldots, x_n \mid P\}$, for instance the set $\{x \mid \exists y\ (x = 2 \times y)\}$. This predicate is such that we get back $P$ when we apply it to $x_1, \ldots, x_n$.

A solution would be to introduce for each term $t$ and sequence of variables $x_1, \ldots, x_n$ an individual symbol $C_{x_1, \ldots, x_n, t}$ and an axiom

$(C_{x_1, \ldots, x_n, t}\ x_1 \ldots x_n) = t$

and for each proposition $P$ and sequence of variables $x_1, \ldots, x_n$ an individual symbol $E_{x_1, \ldots, x_n, P}$ and an axiom

$\varepsilon(E_{x_1, \ldots, x_n, P}\ x_1 \ldots x_n) \Leftrightarrow P$

In predicate logic modulo, these axioms can be transformed into rewrite rules

$(C_{x_1, \ldots, x_n, t}\ u_1 \ldots u_n) \rightarrow (u_1/x_1, \ldots, u_n/x_n)t$

$\varepsilon(E_{x_1, \ldots, x_n, P}\ u_1 \ldots u_n) \rightarrow (u_1/x_1, \ldots, u_n/x_n)P$

But, not all these symbols are necessary, and we can restrict to a much smaller language.

But, not all these symbols are necessary, and we can restrict to a much smaller 
language. 

Definition 3.1.1 (Naive set theory) The language of naive set theory is formed with

• a predicate symbol $\varepsilon$ of one argument,

• a function symbol $a$ of two arguments,

• individual symbols $S$, $K$, $\top$, $\bot$, $\neg$, $\wedge$, $\vee$, $\Rightarrow$, $\forall$ and $\exists$,

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and the congruence defined by the rewrite rules

$(S\ x\ y\ z) \rightarrow ((x\ z)\ (y\ z))$

$(K\ x\ y) \rightarrow x$

$\varepsilon(\top) \rightarrow \top$

$\varepsilon(\bot) \rightarrow \bot$

$\varepsilon(\neg\ x) \rightarrow \neg\varepsilon(x)$

$\varepsilon(\wedge\ x\ y) \rightarrow (\varepsilon(x) \wedge \varepsilon(y))$

$\varepsilon(\vee\ x\ y) \rightarrow (\varepsilon(x) \vee \varepsilon(y))$

$\varepsilon(\Rightarrow\ x\ y) \rightarrow (\varepsilon(x) \Rightarrow \varepsilon(y))$

$\varepsilon(\forall\ x) \rightarrow \forall y\ \varepsilon(x\ y)$

$\varepsilon(\exists\ x) \rightarrow \exists y\ \varepsilon(x\ y)$

Proposition 3.1.1 (Comprehension) For each term $t$ and sequence of variables $x_1, \ldots, x_n$ there is a term $u$ such that

$(u\ x_1 \ldots x_n) \equiv t$

and for each proposition $P$ and sequence of variables $x_1, \ldots, x_n$ there is a term $u$ such that

$\varepsilon(u\ x_1 \ldots x_n) \equiv P$

Proof. By induction over the height of $t$ (resp. $P$).

Many variants of this theory have been proposed in the history of mathematics: Cantor's set theory (1872), Frege's Begriffsschrift (1879), Church's pure $\lambda$-calculus (1932), ... Unfortunately, all these systems are contradictory. A contradiction is given by Russell's paradox.

By proposition 3.1.1 there exists a term $R$ such that

$\forall x\ (\varepsilon(R\ x) \Leftrightarrow \neg\varepsilon(x\ x))$

(take for instance $R = (S\ (K\ \neg)\ (S\ (S\ K\ K)\ (S\ K\ K)))$). The set $R$ is the set of all sets that do not contain themselves. By definition, this set contains itself if and only if it does not, which is contradictory. More precisely, with the elimination rule of the universal quantifier $\forall$, we can deduce from this proposition the proposition

$\varepsilon(R\ R) \Leftrightarrow \neg\varepsilon(R\ R)$

and we have seen (exercise 1.2.3) that from such a proposition, we can prove a contradiction.
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3.2 Set theory 

In naive set theory, it is possible to construct functions defined on all the universe and to construct sets in comprehension with any property $P$. To restrict naive set theory and avoid paradoxes, we may restrict function construction in such a way that functions are defined with a domain of definition and, similarly, only subsets of already constructed sets are constructed in comprehension. Such ideas are exploited in several theories, including set theory and simple type theory.

In Zermelo's set theory and in its extension Zermelo-Fraenkel set theory, the basic notion is that of set and functions are defined as relations. Thus the language does not contain the symbols $a$ and $\varepsilon$, but a symbol $\in$.

When $P$ is a proposition, it is not always possible to form the set of objects verifying the property $P$. This is only allowed in four cases.

• If $x$ and $y$ are two sets, we can form the set $\{x, y\}$ containing exactly $x$ and $y$ (the symbol $\{\,,\,\}$ is a function symbol),

• If $x$ is a set we can form the set $\bigcup(x)$ containing the elements of the elements of $x$,

• If $x$ is a set, we can form a set $\wp(x)$ containing the subsets of $x$.

• If $x$ is a set and $P$ is a proposition containing variables $y, z_1, \ldots, z_n$, we can form the subset of $x$ of the elements $y$ verifying $P$. This set can be written $f_{y, z_1, \ldots, z_n, P}(x, z_1, \ldots, z_n)$ where $f_{y, z_1, \ldots, z_n, P}$ is a function symbol.

The axioms are

$z \in \{x, y\} \Leftrightarrow (z = x \vee z = y)$

$y \in \bigcup(x) \Leftrightarrow (\exists z\ (y \in z \wedge z \in x))$

$y \in \wp(x) \Leftrightarrow (\forall z\ (z \in y \Rightarrow z \in x))$

$y \in f_{y, z_1, \ldots, z_n, P}(x, z_1, \ldots, z_n) \Leftrightarrow (y \in x \wedge P)$

There is no way to construct the set of sets that do not belong to themselves and Russell's paradox is avoided.

In predicate logic modulo, these axioms may be transformed into rewrite rules

$t \in \{u, v\} \rightarrow t = u \vee t = v$

$t \in \bigcup(u) \rightarrow \exists z\ (t \in z \wedge z \in u)$

$t \in \wp(u) \rightarrow \forall z\ (z \in t \Rightarrow z \in u)$

$t \in f_{y, z_1, \ldots, z_n, P}(u, v_1, \ldots, v_n) \rightarrow t \in u \wedge (t/y, v_1/z_1, \ldots, v_n/z_n)P$

This system does not terminate as the proposition $f_{y, \neg y \in y}(x) \in f_{y, \neg y \in y}(x)$ reduces to $f_{y, \neg y \in y}(x) \in x \wedge \neg f_{y, \neg y \in y}(x) \in f_{y, \neg y \in y}(x)$. Thus, if we call $A$ the
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proposition $f_{y, \neg y \in y}(x) \in f_{y, \neg y \in y}(x)$ and $B$ the proposition $f_{y, \neg y \in y}(x) \in x$ we have

$A \rightarrow B \wedge \neg A \rightarrow B \wedge \neg(B \wedge \neg A) \rightarrow \ldots$

The decidability of the congruence relation generated by these rules is an open problem.

3.3 Simple type theory 

Simple type theory originates from the work of A.N. Whitehead and B. Russell. It is another way to restrict naive set theory to avoid paradoxes. In this theory, the basic notion is that of function. Each function has a domain of definition and the application $(f\ t)$ can be constructed only when $t$ belongs to the domain of the function $f$, otherwise it is prohibited by the syntax. Hence simple type theory is a many-sorted theory. Taking all sets as possible function domains, i.e. all sets as sorts, makes it difficult to decide if a term $(f\ t)$ is well-formed or not because we need to decide if the term $t$ designates an object that belongs to the domain of $f$ or not. Moreover as an object can belong to several sets, it should have several sorts. In type theory, an object has only one sort that is the maximal set it belongs to. It is called the type of this object. There is one type $\iota$ for atoms and one type $o$ for propositional contents, then each time we have two types $T$ and $U$, we can form the type $T \rightarrow U$ of functions mapping objects of sort $T$ to objects of sort $U$.

Definition 3.3.1 (Simple types) Simple types are closed terms formed with the individual symbols $\iota$ and $o$ and the function symbol $\rightarrow$ of two arguments.

To ease notation, we write $T_1 \rightarrow T_2 \rightarrow \ldots \rightarrow T_n \rightarrow U$ for the type $(T_1 \rightarrow (T_2 \rightarrow \ldots \rightarrow (T_n \rightarrow U) \ldots))$.

Definition 3.3.2 (Language of type theory) The language of simple type theory in predicate logic modulo is formed with

• a predicate symbol $\varepsilon$ of rank $(o)$,

• for each pair of types $T, U$, a function symbol $\alpha_{T,U}$ of rank $(T \rightarrow U, T, U)$,

• for each triple of types $T, U, V$ an individual symbol $S_{T,U,V}$ of sort $(T \rightarrow U \rightarrow V) \rightarrow (T \rightarrow U) \rightarrow T \rightarrow V$,

• for each pair of types $T, U$ an individual symbol $K_{T,U}$ of sort $T \rightarrow U \rightarrow T$,

• individual symbols $\top$ and $\bot$ of sort $o$,

• an individual symbol $\neg$ of sort $o \rightarrow o$,

• individual symbols $\wedge$, $\vee$, $\Rightarrow$ of sort $o \rightarrow o \rightarrow o$,

• for each type $T$, individual symbols $\forall_T$ and $\exists_T$ of sort $(T \rightarrow o) \rightarrow o$.

Definition 3.3.3 (Rewrite system of type theory) The rewrite system $\mathcal{T}$ is defined by the rules

$(S_{T,U,V}\ x\ y\ z) \rightarrow ((x\ z)\ (y\ z))$

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$(K_{T,U}\ x\ y) \rightarrow x$

$\varepsilon(\top) \rightarrow \top$

$\varepsilon(\bot) \rightarrow \bot$

$\varepsilon(\neg\ x) \rightarrow \neg\varepsilon(x)$

$\varepsilon(\wedge\ x\ y) \rightarrow \varepsilon(x) \wedge \varepsilon(y)$

$\varepsilon(\vee\ x\ y) \rightarrow \varepsilon(x) \vee \varepsilon(y)$

$\varepsilon(\Rightarrow\ x\ y) \rightarrow \varepsilon(x) \Rightarrow \varepsilon(y)$

$\varepsilon(\forall_T\ x) \rightarrow \forall y\ \varepsilon(x\ y)$

$\varepsilon(\exists_T\ x) \rightarrow \exists y\ \varepsilon(x\ y)$



Proposition 3.3.1 (Comprehension) For each term $t$ there is a term $u$ not containing the variable $x$ such that $(u\ x) \equiv t$. For each proposition $A$ there is a term $u$ such that $\varepsilon(u) \equiv A$.

Proof. By induction over the height of $t$.

• If $t = x$ then we take $u = (S\ K\ K)$, we have $(u\ x) = (S\ K\ K\ x) \equiv (K\ x\ (K\ x)) \equiv x$.

• If $t$ is a variable different from $x$ or an individual symbol, we take $u = (K\ t)$, we have $(u\ x) = (K\ t\ x) \equiv t$.

• If $t = (t_1\ t_2)$, then by induction hypothesis, there are terms $u_1$ and $u_2$ such that $(u_1\ x) \equiv t_1$ and $(u_2\ x) \equiv t_2$. We take $u = (S\ u_1\ u_2)$. We have $(u\ x) = (S\ u_1\ u_2\ x) \equiv ((u_1\ x)\ (u_2\ x)) \equiv (t_1\ t_2) = t$.

By induction over the height of $A$.

• If $A = \varepsilon(t)$, we take $u = t$.

• If $A = B \wedge C$, then by induction hypothesis, there are terms $v$ and $w$ such that $\varepsilon(v) \equiv B$ and $\varepsilon(w) \equiv C$. We take $u = (\wedge\ v\ w)$. We proceed the same way if $A = \top$, $\bot$, $\neg B$, $B \vee C$ or $B \Rightarrow C$.

• If $A = \forall x\ B$, then by induction hypothesis, there is a term $v$ such that $\varepsilon(v) \equiv B$ and there is a term $w$ not containing $x$ such that $(w\ x) \equiv v$ and hence $\varepsilon(w\ x) \equiv \varepsilon(v) \equiv B$. We take $u = (\forall\ w)$. We have $\varepsilon(u) \equiv \forall x\ \varepsilon(w\ x) \equiv \forall x\ B$. We proceed the same way if $A = \exists x\ B$.
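The following is an added example (not part of the course notes): the abstraction algorithm of the proof above, implemented in Python and checked by reducing with the $S$ and $K$ rules; the same construction proves Proposition 3.1.1, and the block also builds the term $R$ of Russell's paradox in section 3.1 by abstracting $x$ from $\neg(x\ x)$ and checks that $(R\ R)$ reduces to $(\neg\ (R\ R))$, from which $\varepsilon(R\ R) \equiv \neg\varepsilon(R\ R)$ follows by the rule $\varepsilon(\neg\ x) \rightarrow \neg\varepsilon(x)$. The term encoding (an atom is a string, an application $(t\ u)$ is a pair) and the omission of types are assumptions of the example.

```python
# Added example, not from the course notes: the abstraction of the proof of
# Proposition 3.3.1 (also the construction behind Proposition 3.1.1), checked
# with the rules (S x y z) -> ((x z) (y z)) and (K x y) -> x, then applied to
# Russell's term R from section 3.1. Assumptions of this example: an atom is a
# str, an application (t u) is the pair (t, u), and types are left implicit
# (the untyped setting of naive set theory).
S, K, NOT = 'S', 'K', 'not'

def app(f, *args):
    """(f a1 ... an) written as (...(f a1) ... an)."""
    for a in args:
        f = (f, a)
    return f

def abstract(x, t):
    """Term u not containing x with (u x) congruent to t (proof of Proposition 3.3.1)."""
    if t == x:
        return app(S, K, K)                        # (S K K x) -> (K x (K x)) -> x
    if isinstance(t, str):
        return (K, t)                              # (K t x) -> t
    t1, t2 = t
    return app(S, abstract(x, t1), abstract(x, t2))  # (S u1 u2 x) -> ((u1 x) (u2 x))

def spine(t):
    """Head atom and argument list: ((h a1) a2) gives h, [a1, a2]."""
    args = []
    while isinstance(t, tuple):
        t, a = t
        args.insert(0, a)
    return t, args

def reducts(t):
    """All one-step reducts of t (Definition 2.2.6): the head redex first,
    then the redexes inside each argument."""
    out = []
    head, args = spine(t)
    if head == S and len(args) >= 3:
        x, y, z = args[:3]
        out.append(app((app(x, z), app(y, z)), *args[3:]))
    if head == K and len(args) >= 2:
        out.append(app(args[0], *args[2:]))
    for i, a in enumerate(args):
        for r in reducts(a):
            out.append(app(head, *args[:i], r, *args[i + 1:]))
    return out

def normal_form(t, max_steps=500):
    """Leftmost-outermost reduction; None when no normal form is reached in
    max_steps steps (the untyped system need not terminate)."""
    for _ in range(max_steps):
        rs = reducts(t)
        if not rs:
            return t
        t = rs[0]
    return None

def reaches(t, target, max_steps):
    """Whether t reduces to target (Definition 2.2.8) in at most max_steps steps."""
    frontier, seen = [t], {t}
    for _ in range(max_steps):
        if target in seen:
            return True
        frontier = [r for s in frontier for r in reducts(s) if r not in seen]
        seen.update(frontier)
    return target in seen

def comprehension_check(t, x='x'):
    """(abstract(x, t) x) reduces back to t, as the proposition states."""
    return normal_form(app(abstract(x, t), x)) == t

# Russell's term: abstracting x from (not (x x)) gives R with eps(R x) == not eps(x x).
R = abstract('x', (NOT, ('x', 'x')))
PAGE_R = app(S, (K, NOT), app(S, app(S, K, K), app(S, K, K)))   # the page's R

def russell_unfolds(steps=7):
    """(R R) reduces to (not (R R)); with eps(not x) -> not eps(x), eps(R R) is
    then congruent to not eps(R R), the contradiction of section 3.1."""
    return reaches(app(R, R), (NOT, app(R, R)), steps)
```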



Definition 3.3.4 (Leibniz' Equality) By the proposition 3.3.1 there is a term $=$ such that

$\varepsilon(=\ x\ y) \equiv \forall p\ (\varepsilon(p\ x) \Rightarrow \varepsilon(p\ y))$

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Exercise 3.3.1 Prove

$\forall x\ \varepsilon(x = x)$

and for each proposition $A$

$\forall x\ \forall y\ (\varepsilon(x = y) \Rightarrow ((x/z)A \Rightarrow (y/z)A))$

To prove that the rewrite system $\mathcal{T}$ is terminating, we first focus on the first two rules.

Proposition 3.3.2 (Tait's theorem) The rewrite system

$$(S_{T,U,V}\ x\ y\ z) \to ((x\ z)\ (y\ z))$$
$$(K_{T,U}\ x\ y) \to x$$

is strongly terminating.

Proof. The set of reducible terms of type $T$ is defined by induction over the height of $T$.

• If $T$ is $\iota$ or $o$ then $t$ is reducible of type $T$ if and only if it is strongly terminating.

• If $T = T_1 \to T_2$ then $t$ is reducible of type $T$ if and only if for every reducible term $u$ of type $T_1$, the term $(t\ u)$ is reducible of type $T_2$.

We prove by induction over the height of $T$ that

• (1) all reducible terms are strongly terminating and

• (2) variables and individual symbols other than $S$ and $K$ are reducible terms.

Let $T = U_1 \to \ldots \to U_n \to V$ ($V = \iota$ or $V = o$). (1) If $t$ is a reducible term of type $T$, then let $x_1, \ldots, x_n$ be variables of types $U_1, \ldots, U_n$. By induction hypothesis, the variables $x_1, \ldots, x_n$ are reducible. Hence, the term $(t\ x_1 \ldots x_n)$ is reducible and its type is either $\iota$ or $o$. Hence it is strongly terminating and so is $t$. (2) If $x$ is a variable of type $T$ or an individual symbol of type $T$ different from $S$ and $K$, then let $u_1, \ldots, u_n$ be reducible terms of types $U_1, \ldots, U_n$. By induction hypothesis the terms $u_1, \ldots, u_n$ are strongly terminating. A reduction sequence starting from $(x\ u_1 \ldots u_n)$ reduces redexes in the terms $u_1, \ldots, u_n$. Hence, it is finite. The term $(x\ u_1 \ldots u_n)$ is strongly terminating and its type is $\iota$ or $o$, hence it is reducible. Thus, $x$ is reducible.

Then, we prove by induction over the height of $t$ that every term is reducible.

• If $t$ is a variable or a constant different from $S$ and $K$ then it is reducible.

• If $t = (u\ v)$, then the terms $u$ and $v$ are reducible by induction hypothesis, and the term $t$ is reducible.

• If $t = K$ (resp. $t = S$) then let $U_1 \to \ldots \to U_n \to V$ ($V = \iota$ or $V = o$) be the type of $t$ and let $u_1, \ldots, u_n$ be reducible terms of types $U_1, \ldots, U_n$. We have to prove that the term $(K\ u_1 \ldots u_n)$ (resp. $(S\ u_1 \ldots u_n)$) is strongly terminating. Consider a reduction sequence $t_0, t_1, t_2, \ldots$ starting from the term $(K\ u_1 \ldots u_n)$ (resp. $(S\ u_1 \ldots u_n)$). We have to prove that this reduction sequence is finite. If the root redex is never reduced, all reductions take place in $u_1, \ldots, u_n$; these terms are reducible and hence strongly terminating and the reduction sequence is finite. If the root redex is reduced at step $m$, then the term $t_m$ has the form $(K\ u'_1\ u'_2\ u'_3 \ldots u'_n)$ (resp. $(S\ u'_1\ u'_2\ u'_3 \ldots u'_n)$) and the term $t_{m+1}$ is $(u'_1\ u'_3 \ldots u'_n)$ (resp. $(u'_1\ u'_3\ (u'_2\ u'_3)\ u'_4 \ldots u'_n)$) where $u'_1$ is a reduct of $u_1$, ..., $u'_n$ is a reduct of $u_n$. The term $(u_1\ u_3 \ldots u_n)$ (resp. $(u_1\ u_3\ (u_2\ u_3)\ u_4 \ldots u_n)$) is reducible, hence it is strongly terminating, and the term $(u'_1\ u'_3 \ldots u'_n)$ (resp. $(u'_1\ u'_3\ (u'_2\ u'_3)\ u'_4 \ldots u'_n)$) is strongly terminating, thus the reduction sequence $t_0, t_1, t_2, \ldots$ is finite. Therefore, the term $K$ (resp. $S$) is reducible.

All terms are reducible, hence all terms are strongly terminating.

Proposition 3.3.3 The rewrite system $\mathcal{T}$ is strongly terminating.

Proof. We reduce termination in $\mathcal{T}$ to termination in the system $SK$ formed with the first two rules. We define a translation $\|\ \|$ of the terms and the propositions of type theory into terms of type theory. In each type $T$, we choose a variable $z_T$.

• $\|x\| = x$,

• $\|S_{T,U,V}\| = S_{T,U,V}$, $\|K_{T,U}\| = K_{T,U}$,

• $\|(t\ u)\| = (\|t\|\ \|u\|)$,

• $\|\top\| = \|\bot\| = ((S\ K\ K)\ z_o)$, $\|\neg\| = (S\ K\ K)$, $\|\wedge\| = \|\vee\| = \|\Rightarrow\| = ((S\ K\ K)\ z_{o \to o \to o})$, $\|\forall_T\| = \|\exists_T\| = (S\ (S\ K\ K)\ (K\ z_T))$,

• $\|\varepsilon(t)\| = \|t\|$, $\|\top\| = \|\bot\| = z_o$, $\|\neg A\| = \|A\|$, $\|A \wedge B\| = \|A \vee B\| = \|A \Rightarrow B\| = (z_{o \to o \to o}\ \|A\|\ \|B\|)$, $\|\forall x\ A\| = \|\exists x\ A\| = \|(z_T/x)A\|$.

We check that if $A$ rewrites in one step to $B$ in $\mathcal{T}$, then $\|A\|$ rewrites in at least one step to $\|B\|$ in $SK$. If $A_0, A_1, A_2, \ldots$ is a reduction sequence in $\mathcal{T}$, then the sequence $\|A_0\|, \|A_1\|, \|A_2\|, \ldots$ is a reduction sequence in $SK$, thus it is finite.

Proposition 3.3.4 The rewrite system $\mathcal{T}$ is confluent.






Proposition 3.3.5 Each term (resp. proposition) has a unique normal form for the rewrite system $\mathcal{T}$ and the congruence generated by this system can be checked in an algorithmic way.

Proof. It is terminating and confluent. 

Proposition 3.3.6 Type theory has a model.

Proof. Consider the model

$$M_\iota = \{0\}$$
$$M_o = \{0, 1\}$$
$$M_{T \to U} = M_U^{M_T}$$
$$S_{T,U,V} = a \mapsto (b \mapsto (c \mapsto a(c)(b(c))))$$
$$K_{T,U} = a \mapsto (b \mapsto a)$$
$$\alpha(a, b) = a(b)$$
$$\varepsilon(a) = a$$
$$\top = 1$$
$$\bot = 0$$
$$\neg(a) = 1 \text{ if } a = 0 \text{ and } 0 \text{ otherwise}$$
$$\wedge(a, b) = 1 \text{ if } a = 1 \text{ and } b = 1 \text{ and } 0 \text{ otherwise}$$
$$\vee(a, b) = 1 \text{ if } a = 1 \text{ or } b = 1 \text{ and } 0 \text{ otherwise}$$
$$\Rightarrow(a, b) = 1 \text{ if } a = 0 \text{ or } b = 1 \text{ and } 0 \text{ otherwise}$$
$$\forall_T(a) = 1 \text{ if for all } b \text{ in } M_T,\ a(b) = 1 \text{ and } 0 \text{ otherwise}$$
$$\exists_T(a) = 1 \text{ if there exists a } b \text{ in } M_T \text{ such that } a(b) = 1 \text{ and } 0 \text{ otherwise}$$

It is easy to check that $|A|_\phi = |B|_\phi$ when $A = B$.



3.4 Infinity 

A set $E$ is said to be infinite if there is a function $f$ mapping elements of $E$ to elements of $E$ that is injective, but not surjective. In type theory this proposition $\mathit{Infinite}(E)$ is expressed as follows.

$$\exists a\ \exists f\ ((\forall x\ (\varepsilon(E\ x) \Rightarrow \varepsilon(E\ (f\ x)))) \wedge (\forall x\ \forall y\ ((\varepsilon(E\ x) \wedge \varepsilon(E\ y) \wedge \varepsilon((f\ x) = (f\ y))) \Rightarrow \varepsilon(x = y))) \wedge (\forall x\ (\varepsilon(E\ x) \Rightarrow \neg\varepsilon(a = (f\ x)))))$$

Notice that the proposition $\exists E\ \mathit{Infinite}(E)$ is not valid in the model of proposition 3.3.6, hence it is not provable. If we replace $M_\iota$ by the set $\mathbb{N}$ in the model of proposition 3.3.6, we keep a model of type theory and the proposition $\exists E\ \mathit{Infinite}(E)$ is valid in this model. Thus, the proposition $\neg\exists E\ \mathit{Infinite}(E)$ is not valid in this model and therefore it is not provable either. Indeed, so far neither in type theory nor in set theory have we given an axiom that permits to construct an infinite set. To be able to formalize mathematics we need to add such an axiom.
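The claim that ∃E Infinite(E) is not valid in the model of proposition 3.3.6 can be checked mechanically, and the check goes through in any finite domain, not only in {0}. The following Python program is an added example, not from the notes: it evaluates Infinite(E) in the model with M_ι = {0, ..., n-1} by enumerating a, f and E, with = interpreted as Leibniz' equality of definition 3.3.4 quantifying over all of M_{ι→o}. One assumption made by the example and labelled in the code: the element a is required to belong to E, as the informal definition (an element of E outside the image of f) demands.

```python
# Added example, not part of the notes: evaluating ∃E Infinite(E) in the
# model of proposition 3.3.6 with M_ι = {0, ..., n-1} instead of {0}.
# Equality is Leibniz' equality of definition 3.3.4.  Assumption made here:
# the existentially quantified element a is required to be in E (the
# informal definition needs an element of E outside the image of f).
from itertools import product


def leibniz_eq(n: int, x: int, y: int) -> bool:
    """ε(x = y) = ∀p (ε(p x) ⇒ ε(p y)), with p ranging over M_{ι→o}, i.e. over
    all 0/1-valued functions on {0, ..., n-1}, written as tuples of length n."""
    # a ⇒ b holds in {0, 1} exactly when a <= b
    return all(p[x] <= p[y] for p in product((0, 1), repeat=n))


def infinite(n: int, E: tuple) -> int:
    """|Infinite(E)| in the model with M_ι = {0..n-1}; E is an element of
    M_{ι→o}, given as a tuple of n truth values."""
    dom = range(n)
    for a in dom:
        if not E[a]:                       # assumption of this example: a belongs to E
            continue
        for f in product(dom, repeat=n):   # f ranges over M_{ι→ι}
            # ∀x (ε(E x) ⇒ ε(E (f x))): f maps E into E
            closed = all(E[x] <= E[f[x]] for x in dom)
            # ∀x ∀y ((ε(E x) ∧ ε(E y) ∧ ε((f x) = (f y))) ⇒ ε(x = y)): f is injective on E
            injective = all(
                not (E[x] and E[y] and leibniz_eq(n, f[x], f[y])) or leibniz_eq(n, x, y)
                for x in dom for y in dom)
            # ∀x (ε(E x) ⇒ ¬ε(a = (f x))): a is not in the image of E under f
            not_surjective = all(not E[x] or not leibniz_eq(n, a, f[x]) for x in dom)
            if closed and injective and not_surjective:
                return 1
    return 0


def exists_infinite(n: int) -> int:
    """|∃E Infinite(E)| in the model with M_ι = {0..n-1}: E ranges over M_{ι→o}."""
    return max(infinite(n, E) for E in product((0, 1), repeat=n))


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, exists_infinite(n))       # 0 for every n: no finite set is infinite
```

The enumeration of M_{ι→ι} has n^n elements and each Leibniz equality test enumerates 2^n predicates, so the check is only practical for small n; that is not a limitation of the argument, since the pigeonhole principle gives the result for every finite domain, and the point of the text is precisely that the model with M_ι = ℕ is needed to make ∃E Infinite(E) valid.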

In type theory, we add an axiom expressing that the set of objects of type $\iota$ is infinite. Thus, the set $E$ is such that $\varepsilon(E\ x) = \top$ and we can formulate the axiom

$$\exists a\ \exists f\ ((\forall x\ \forall y\ (\varepsilon((f\ x) = (f\ y)) \Rightarrow \varepsilon(x = y))) \wedge (\forall x\ \neg\varepsilon(a = (f\ x))))$$

Instead of taking an existential axiom, we can give a name to the function and to the element that is not in its image. For instance, we can call them $Su$ and $0$ and we get the two axioms

$$\forall x\ \forall y\ (\varepsilon((Su\ x) = (Su\ y)) \Rightarrow \varepsilon(x = y))$$

$$\forall x\ \neg\varepsilon(0 = (Su\ x))$$

that are two of Peano's axioms.

These axioms become theorems if we add some symbols and rewrite rules. 

Definition 3.4.1 (Type theory with infinity) Type theory with infinity is the extension of type theory with an individual symbol $0$ of type $\iota$, individual symbols $Su$ and $Pred$ of type $\iota \to \iota$, an individual symbol $Null$ of type $\iota \to o$ and the rules

$$(Pred\ (Su\ x)) \to x$$
$$(Null\ 0) \to \top$$
$$(Null\ (Su\ x)) \to \bot$$

Exercise 3.4.1 In simple type theory with infinity, prove the propositions

$$\forall x\ \forall y\ (\varepsilon((Su\ x) = (Su\ y)) \Rightarrow \varepsilon(x = y))$$

$$\forall x\ \neg\varepsilon(0 = (Su\ x))$$

Proposition 3.4.1 Type theory with infinity has a model.

Proof. Consider the model

$$M_\iota = \mathbb{N}$$
$$M_o = \{0, 1\}$$
$$0 = 0$$
$$Su = n \mapsto n + 1$$
$$Pred = n \mapsto \text{if } n = 0 \text{ then } 0 \text{ else } n - 1$$
$$Null = n \mapsto \text{if } n = 0 \text{ then } 1 \text{ else } 0$$
$$S_{T,U,V} = a \mapsto (b \mapsto (c \mapsto a(c)(b(c))))$$
$$K_{T,U} = a \mapsto (b \mapsto a)$$
$$\alpha(a, b) = a(b)$$
$$\top = 1$$
$$\bot = 0$$
$$\neg(a) = 1 \text{ if } a = 0 \text{ and } 0 \text{ otherwise}$$
$$\wedge(a, b) = 1 \text{ if } a = 1 \text{ and } b = 1 \text{ and } 0 \text{ otherwise}$$
$$\vee(a, b) = 1 \text{ if } a = 1 \text{ or } b = 1 \text{ and } 0 \text{ otherwise}$$
$$\Rightarrow(a, b) = 1 \text{ if } a = 0 \text{ or } b = 1 \text{ and } 0 \text{ otherwise}$$
$$\forall_T(a) = 1 \text{ if for all } b \text{ in } M_T,\ a(b) = 1 \text{ and } 0 \text{ otherwise}$$
$$\exists_T(a) = 1 \text{ if there exists a } b \text{ in } M_T \text{ such that } a(b) = 1 \text{ and } 0 \text{ otherwise}$$

It is easy to check that $|A|_\phi = |B|_\phi$ when $A = B$.

There are many ways to construct the natural numbers in type theory with infinity (as finite cardinals, ...). An easy way is simply to take $0$ for zero and $(Su\ n)$ for the successor of $n$.

Then the type $\iota$ contains all the natural numbers, but possibly also other objects. The set of natural numbers can be defined as the smallest set containing $0$ and closed by successor, i.e. as the intersection of all such sets. An object is a member of $N$ if it is a member of all sets $E$ containing $0$ and closed by successor. Thus

$$\varepsilon(N\ n) = \forall E\ ((\varepsilon(E\ 0) \wedge (\forall x\ (\varepsilon(E\ x) \Rightarrow \varepsilon(E\ (Su\ x))))) \Rightarrow \varepsilon(E\ n))$$

The existence of such an object $N$ is given by proposition 3.3.1.

Exercise 3.4.2 Prove the induction theorem

$$\forall E\ ((\varepsilon(E\ 0) \wedge \forall x\ (\varepsilon(E\ x) \Rightarrow \varepsilon(E\ (Su\ x)))) \Rightarrow \forall n\ (\varepsilon(N\ n) \Rightarrow \varepsilon(E\ n)))$$

3.5 More axioms 

3.5.1 Extensionality 

In mathematics, it is usual to consider that two sets that have the same elements are equal and that two functions that are point-wise equal are equal. This leads, both in set theory and in type theory, to the axiom of extensionality. In type theory, this axiom is stated

$$\forall f\ \forall g\ ((\forall x\ \varepsilon((f\ x) = (g\ x))) \Rightarrow \varepsilon(f = g))$$

$$\forall x\ \forall y\ ((\varepsilon(x) \Leftrightarrow \varepsilon(y)) \Rightarrow \varepsilon(x = y))$$

3.5.2 Descriptions 

The proposition 3.3.1 permits for instance to prove the existence of a function that adds two to its argument, i.e. the proposition

$$\exists f\ \forall x\ \varepsilon((f\ x) = (Su\ (Su\ x)))$$

but it does not permit to prove the existence of a function that takes the value $1$ on $1$ and the value $0$ anywhere else. Indeed, it can be proved that the proposition

$$\exists f\ \forall x\ ((\varepsilon(x = (Su\ 0)) \Rightarrow \varepsilon((f\ x) = (Su\ 0))) \wedge (\neg\varepsilon(x = (Su\ 0)) \Rightarrow \varepsilon((f\ x) = 0)))$$

has no proof in type theory.

In contrast, with the proposition 3.3.1, it is easy to prove the existence of the graph of this function, i.e. the proposition

$$\exists R\ \forall x\ \forall y\ (\varepsilon(R\ x\ y) \Leftrightarrow ((\varepsilon(x = 1) \Rightarrow \varepsilon(y = 1)) \wedge (\neg\varepsilon(x = 1) \Rightarrow \varepsilon(y = 0))))$$

and we can also prove, for instance by induction, that this relation is functional, i.e. that

$$\forall x\ (\varepsilon(N\ x) \Rightarrow \exists! y\ \varepsilon(R\ x\ y))$$

But to conclude to the existence of the function we need the following axiom (descriptions axiom)

$$\forall P\ \forall Q\ ((\forall x\ (\varepsilon(P\ x) \Rightarrow \exists! y\ \varepsilon(Q\ x\ y))) \Rightarrow \exists f\ \forall x\ (\varepsilon(P\ x) \Rightarrow \varepsilon(Q\ x\ (f\ x))))$$

that relates functions and functional relations.

In set theory, functions are functional relations, thus they need no axiom to 
be related. 

3.6 Type theory with a binder 

We have seen in proposition 3.3.1 that to have a language containing the function symbols $\alpha_{T,U}$ and the individual symbols $S_{T,U,V}$ and $K_{T,U}$ and the related rewrite rules is sufficient to prove that, for each term $t$ and variable $x$, there is a term $u$ not containing the variable $x$ such that $(u\ x) = t$. But the term $u$ is sometimes cumbersome to compute. It is more comfortable to have a symbol $\mapsto$ such that the function mapping $x$ to $t$ can simply be written $x \mapsto t$. The symbol $\mapsto$ is a function symbol of one argument binding one variable in its argument. When we take the symbol $\mapsto$, the symbols $S$ and $K$ become superfluous ($S = x \mapsto y \mapsto z \mapsto ((x\ z)\ (y\ z))$, $K = x \mapsto y \mapsto x$). We thus get the following theory.

Definition 3.6.1 (Language of type theory with a binder) The language of simple type theory with a binder is formed with

• a predicate symbol $\varepsilon$ of rank $(o)$,

• for each pair of types $T, U$, a function symbol $\alpha_{T,U}$ of rank $(T \to U, T, U)$,

• for each pair of types $T, U$, a function symbol $\mapsto$ of rank $((T, U), T \to U)$,

• individual symbols $\top$ and $\bot$ of sort $o$,

• an individual symbol $\neg$ of sort $o \to o$,

• individual symbols $\wedge$, $\vee$, $\Rightarrow$ of sort $o \to o \to o$,

• for each type $T$, individual symbols $\forall_T$ and $\exists_T$ of type $(T \to o) \to o$.

Definition 3.6.2 (Rewrite system of type theory with a binder) The rewrite system $\mathcal{T}'$ is defined by the rules

$$((x \mapsto t)\ u) \to (u/x)t$$
$$\varepsilon(\top) \to \top$$
$$\varepsilon(\bot) \to \bot$$
$$\varepsilon(\neg\ x) \to \neg\varepsilon(x)$$
$$\varepsilon(\wedge\ x\ y) \to \varepsilon(x) \wedge \varepsilon(y)$$
$$\varepsilon(\vee\ x\ y) \to \varepsilon(x) \vee \varepsilon(y)$$
$$\varepsilon(\Rightarrow\ x\ y) \to \varepsilon(x) \Rightarrow \varepsilon(y)$$
$$\varepsilon(\forall_T\ x) \to \forall y\ \varepsilon(x\ y)$$
$$\varepsilon(\exists_T\ x) \to \exists y\ \varepsilon(x\ y)$$

To prove that the rewrite system $\mathcal{T}'$ is terminating, we first focus on the first rule.

Proposition 3.6.1 (Tait's theorem with a binder) The rewrite system

$$((x \mapsto t)\ u) \to (u/x)t$$

is strongly terminating.

Proof. The set $|T|$ of reducible terms of type $T$ is defined by induction over the height of $T$.

• If $T$ is $\iota$ or $o$ then $t$ is in $|T|$ if and only if it is strongly terminating.

• If $T = T_1 \to T_2$ then $t$ is in $|T|$ if and only if it is strongly terminating and when it reduces to a term of the form $x \mapsto t'$ then for every term $u$ in $|T_1|$, $(u/x)t'$ is in $|T_2|$.

To prove that all terms of type $T$ are strongly terminating, we prove that all terms of type $T$ are in $|T|$. More generally, we prove, by induction over the height of $t$, that if $t$ is a term of type $T$ and $\sigma$ a substitution mapping variables of type $U$ to elements of $|U|$, then $\sigma t$ is in $|T|$.

• If $t = y$, then if $y$ is in the domain of $\sigma$ then $\sigma t$ is in $|T|$. Otherwise, $\sigma t = y$, the variable $y$ is normal, hence it is strongly terminating and it cannot reduce to a term of the form $x \mapsto t'$, hence it is in $|T|$.

• If $t = x \mapsto u$, then $T = T_1 \to T_2$. Modulo alphabetic equivalence, we can choose the variable $x$ not appearing in $\sigma$, thus $\sigma t = x \mapsto \sigma u$. This term is strongly terminating because a reduction sequence issued from it can only reduce the term $\sigma u$ and, by induction hypothesis, this term is in $|T_2|$ and thus it is strongly terminating. Then, if $\sigma t$ reduces to the term $x \mapsto t'$, then $t'$ is a reduct of $\sigma u$. Let $v$ be a term of $|T_1|$; the term $(v/x)t'$ is a reduct of $((v/x) \circ \sigma)u$, that is in $|T_2|$ by induction hypothesis. It is easy to check that $|T_2|$ is closed by reduction. Thus the term $(v/x)t'$ is in $|T_2|$. Hence, the term $\sigma t$ is in $|T|$.

• If $t = (t_1\ t_2)$ where $t_1$ is a term of type $U \to T$ and $t_2$ a term of type $U$. We have $\sigma t = (\sigma t_1\ \sigma t_2)$. By induction hypothesis $\sigma t_1$ and $\sigma t_2$ are in the sets $|U \to T|$ and $|U|$. To prove that $\sigma t$ is in $|T|$, we prove that if $u_1$ is in $|U \to T|$ and $u_2$ is in $|U|$ then $(u_1\ u_2)$ is in $|T|$.

The terms $u_1$ and $u_2$ are strongly terminating. Let $n$ be the maximum length of a reduction sequence issued from $u_1$ and $n'$ the maximum length of a reduction sequence issued from $u_2$. We prove that $(u_1\ u_2)$ is in $|T|$ by induction on $n + n'$.

First we prove that $(u_1\ u_2)$ is strongly terminating. Consider a reduction sequence issued from this term. If the first redex is in $u_1$ or $u_2$ then we apply the induction hypothesis, otherwise the redex is at the root of the term $(u_1\ u_2)$, $u_1$ has the form $x \mapsto u'$ and the first step of the reduction sequence reduces $(u_1\ u_2)$ to $(u_2/x)u'$. This term is in $|T|$, hence it is strongly terminating and the reduction sequence is finite. Then, we prove that if $T = U_1 \to U_2$ and $(u_1\ u_2)$ reduces to a term of the form $y \mapsto v$, then for every term $w$ in $|U_1|$, $(w/y)v$ is in $|U_2|$. As $(u_1\ u_2)$ is an application, the reduction sequence is not empty. If the first redex is in $u_1$ or $u_2$, we apply the induction hypothesis, otherwise the redex is at the root of the term $(u_1\ u_2)$, $u_1$ has the form $x \mapsto u'$ and the first step of the reduction sequence reduces $(u_1\ u_2)$ to $(u_2/x)u'$. This term is in $|T|$ and it reduces to $y \mapsto v$, hence for every term $w$ in $|U_1|$, $(w/y)v$ is in $|U_2|$. Thus the term $(u_1\ u_2)$ is in $|T|$.



Proposition 3.6.2 The rewrite system $\mathcal{T}'$ is strongly terminating.

Proof. We follow the lines of the proof of proposition 3.3.3 and reduce termination in $\mathcal{T}'$ to termination in the system formed with the first rule. We define a translation $\|\ \|$ of the terms and the propositions of type theory into terms of type theory. In each type $T$, we choose a variable $z_T$.

• $\|x\| = x$,

• $\|x \mapsto t\| = x \mapsto \|t\|$,

• $\|(t\ u)\| = (\|t\|\ \|u\|)$,

• $\|\top\| = \|\bot\| = ((x \mapsto x)\ z_o)$, $\|\wedge\| = \|\vee\| = \|\Rightarrow\| = ((x \mapsto x)\ z_{o \to o \to o})$, $\|\forall_T\| = \|\exists_T\| = x \mapsto (x\ z_T)$,

• $\|\varepsilon(t)\| = \|t\|$, $\|\top\| = \|\bot\| = z_o$, $\|\neg A\| = \|A\|$, $\|A \wedge B\| = \|A \vee B\| = \|A \Rightarrow B\| = (z_{o \to o \to o}\ \|A\|\ \|B\|)$, $\|\forall x\ A\| = \|\exists x\ A\| = \|(z_T/x)A\|$.

We check that if $A$ rewrites in one step to $B$ in $\mathcal{T}'$, then $\|A\|$ rewrites in at least one step to $\|B\|$ in the system formed with the first rule. If $A_0, A_1, A_2, \ldots$ is a reduction sequence in $\mathcal{T}'$, then the sequence $\|A_0\|, \|A_1\|, \|A_2\|, \ldots$ is a reduction sequence in the system formed with the first rule, thus it is finite.



Proposition 3.6.3 The rewrite system $\mathcal{T}'$ is confluent.

Remark. If we add the axiom of extensionality to both formulations of type theory we get equivalent theories, i.e. each language can be translated into the other preserving provability. When we do not take the extensionality axioms, there are subtle differences between these theories, which we shall not discuss here.

Remark. Some authors use the notation $\lambda x\ t$ for $x \mapsto t$, hence the name $\lambda$-calculus for this language.
Chapter 4

Cut elimination in predicate logic



4.1 Uniform proofs 

A natural deduction proof built without the excluded middle rule is said to be constructive. The choice of this name comes from the fact that, as we shall see, from a constructive proof in the empty theory of a proposition of the form $\exists x\ A$, it is possible to compute a term $t$ and a proof of the proposition $(t/x)A$. Such a term $t$ is called a witness of the proposition $\exists x\ A$. Thus, explicitly or implicitly, a constructive existence proof contains a witness.

Conversely, from a term $t$ and a proof of $(t/x)A$, the rule $\exists$-intro permits to build a proof of the proposition $\exists x\ A$. A proof ended by an introduction rule is said to be uniform. Witnesses are explicit in uniform existence proofs. Thus, it is equivalent to have a term $t$ and a proof of $(t/x)A$ or a uniform proof of the proposition $\exists x\ A$. To prove that from a constructive proof of a proposition of the form $\exists x\ A$ we can compute a witness, we shall prove that all proofs can be transformed into uniform ones. For instance, the non uniform proof of the proposition $\exists x\ (P(x) \Rightarrow P(x))$

$$\frac{\dfrac{\exists x\,(P(x) \Rightarrow P(x)) \vdash \exists x\,(P(x) \Rightarrow P(x))}{\vdash \exists x\,(P(x) \Rightarrow P(x)) \Rightarrow \exists x\,(P(x) \Rightarrow P(x))}\ \Rightarrow\text{-intro} \qquad \dfrac{\dfrac{P(c) \vdash P(c)}{\vdash P(c) \Rightarrow P(c)}\ \Rightarrow\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \exists\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \Rightarrow\text{-elim}$$

will be transformed into

$$\frac{\dfrac{P(c) \vdash P(c)}{\vdash P(c) \Rightarrow P(c)}\ \Rightarrow\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \exists\text{-intro}$$

From the fact that all proofs can be transformed into uniform ones, we will deduce that

• $\bot$ has no proof,

• if $\neg A$ has a proof then $\bot$ has a proof from the axiom $A$,

• if $A \wedge B$ has a proof then $A$ has a proof and $B$ has a proof,

• if $A \vee B$ has a proof then $A$ has a proof or $B$ has a proof,

• if $A \Rightarrow B$ has a proof then $B$ has a proof from the axiom $A$,

• if $\forall x\ A$ has a proof then $A$ has a proof,

• if $\exists x\ A$ has a proof then there is a term $t$ such that $(t/x)A$ has a proof.

The results obtained for the case of $\top$, $\neg$, $\wedge$, $\Rightarrow$ and $\forall$ are trivial, they can simply be established with the elimination rules. The interesting results are thus for $\bot$, $\vee$ and $\exists$. The result in the case of the existential quantifier $\exists$ is the witness property. The result obtained in the case of the disjunction $\vee$ is called the disjunction property. The result obtained in the case of the contradiction $\bot$ is the consistency of the empty theory. Thus, like model constructions, proof transformation results permit to prove consistency and independence results.

Exercise 4.1.1 (Independence of the Excluded middle rule) Consider a language formed with a proposition symbol $P$ and a theory containing no axioms and no rewrite rules. Construct a model where the proposition $P$ is not valid. Does this proposition have a proof? Construct a model where the proposition $\neg P$ is not valid. Does this proposition have a proof? Does the proposition $P \vee \neg P$ have a constructive proof?

Exercise 4.1.2 Consider a language formed with a proposition symbol $P$ and a theory containing no axioms and no rewrite rules. Construct a model where the proposition $P$ is not valid. Does this proposition have a proof? Construct a model where the proposition $\neg P$ is not valid. Does this proposition have a proof? Does the proposition $P \vee \neg P$ have a proof (possibly using the excluded middle rule)? Does natural deduction with the excluded middle have the disjunction property?

Exercise 4.1.3 Consider a language formed with a proposition symbol $P$, a predicate symbol $Q$ of one argument and two individual symbols $0$ and $1$ and a theory containing no axioms and no rewrite rules. Construct a model where the proposition

$$(((Q(0) \Rightarrow Q(0)) \wedge P) \vee ((Q(1) \Rightarrow Q(0)) \wedge \neg P))$$

is not valid. Does this proposition have a proof? Construct a model where the proposition

$$(((Q(0) \Rightarrow Q(1)) \wedge P) \vee ((Q(1) \Rightarrow Q(1)) \wedge \neg P))$$

is not valid. Does this proposition have a proof? Does the proposition

$$\exists x\ (((Q(0) \Rightarrow Q(x)) \wedge P) \vee ((Q(1) \Rightarrow Q(x)) \wedge \neg P))$$

have a proof (possibly using the excluded middle)? Does natural deduction with the excluded middle rule have the witness property?
Remark. Some problems in mathematics have the form "Find an object $x$ such that $A$". One way to solve such a problem is to prove constructively the proposition $\exists x\ A$, to transform this proof into a uniform one and to read the witness in the proof. For instance, finding the quotient of the division of 9 by 2 can be done in the following way: first prove constructively the proposition

$$\exists q\ \exists r\ (9 = 2 \times q + r \wedge r < 2)$$

then transform this proof into a uniform one and read the witness in the proof. One advantage of proceeding this way, compared to other division algorithms, is that the result cannot be wrong. Indeed, a uniform proof of

$$\exists q\ \exists r\ (9 = 2 \times q + r \wedge r < 2)$$

not only contains the witness 4 but also a proof of the proposition

$$\exists r\ (9 = 2 \times 4 + r \wedge r < 2)$$

Of course, finding a proof of the proposition

$$\exists q\ \exists r\ (9 = 2 \times q + r \wedge r < 2)$$

may be tedious, but it is not if we prove once and for all the proposition

$$\forall n\ \forall p\ (\neg(p = 0) \Rightarrow \exists q\ \exists r\ (n = p \times q + r \wedge r < p))$$

Notice that when we apply this theorem to 9 and 2 and to a proof of $\neg(2 = 0)$ we get a proof of

$$\exists q\ \exists r\ (9 = 2 \times q + r \wedge r < 2)$$

that is not uniform. Thus, this proof needs to be transformed before the witness can be read. The quotient 4 is computed during this transformation. Thus cut elimination is the execution process of mathematics seen as a programming language.



4.2 Cuts and cut elimination 

Definition 4.2.1 (Cut, cut free) A cut is a proof ended with an elimination rule whose left premise is proved by an introduction rule on the same symbol. Here are the different cases

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma, A \vdash \bot\end{array}}{\Gamma \vdash \neg A}\ \neg\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash A\end{array}}{\Gamma \vdash \bot}\ \neg\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}}{\Gamma \vdash A}\ \wedge\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}}{\Gamma \vdash B}\ \wedge\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array}}{\Gamma \vdash A \vee B}\ \vee\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash C\end{array} \qquad \begin{array}{c}\pi''\\ \Gamma, B \vdash C\end{array}}{\Gamma \vdash C}\ \vee\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \vee B}\ \vee\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash C\end{array} \qquad \begin{array}{c}\pi''\\ \Gamma, B \vdash C\end{array}}{\Gamma \vdash C}\ \vee\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma, A \vdash B\end{array}}{\Gamma \vdash A \Rightarrow B}\ \Rightarrow\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash A\end{array}}{\Gamma \vdash B}\ \Rightarrow\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array}}{\Gamma \vdash \forall x\ A}\ \forall\text{-intro}}{\Gamma \vdash (t/x)A}\ \forall\text{-elim}$$

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash (t/x)A\end{array}}{\Gamma \vdash \exists x\ A}\ \exists\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash B\end{array}}{\Gamma \vdash B}\ \exists\text{-elim}$$

A proof contains a cut if one of its sub-trees is a cut. Otherwise it is cut free.



It is easy to check that cut free proofs in the empty theory are uniform. 

Proposition 4.2.1 In the empty theory, a cut free proof ends with an intro- 
duction rule. 

Proof. By induction over the height of the proof. The last rule cannot be 
an axiom rule, because the theory contains no axioms. If the last rule is an 
elimination, then the left premise of the elimination is proved with a cut free 
proof. Hence it ends by an introduction and the proof is a cut contradicting the 
fact that it is cut free. 

Thus to prove that all proofs can be transformed into uniform ones we will prove that all proofs can be transformed into cut free ones. To do so, we define a process that eliminates cuts step by step. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma, A \vdash \bot\end{array}}{\Gamma \vdash \neg A}\ \neg\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash A\end{array}}{\Gamma \vdash \bot}\ \neg\text{-elim}$$

is replaced by the proof obtained this way: in the proof $\pi$ we suppress the hypothesis $A$ in all sequents, then each time the axiom rule is used with this proposition, we replace it with the proof $\pi'$. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}}{\Gamma \vdash A}\ \wedge\text{-elim}$$

is replaced by the proof $\pi$. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}}{\Gamma \vdash B}\ \wedge\text{-elim}$$

is replaced by the proof $\pi'$. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array}}{\Gamma \vdash A \vee B}\ \vee\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash C\end{array} \qquad \begin{array}{c}\pi''\\ \Gamma, B \vdash C\end{array}}{\Gamma \vdash C}\ \vee\text{-elim}$$

is replaced by the proof obtained this way: in the proof $\pi'$ we suppress the hypothesis $A$ in all sequents, then each time the axiom rule is used with this proposition, we replace it by the proof $\pi$. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \vee B}\ \vee\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash C\end{array} \qquad \begin{array}{c}\pi''\\ \Gamma, B \vdash C\end{array}}{\Gamma \vdash C}\ \vee\text{-elim}$$

is replaced by the proof obtained this way: in the proof $\pi''$ we suppress the hypothesis $B$ in all sequents, then each time the axiom rule is used with this proposition, we replace it by the proof $\pi$. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma, A \vdash B\end{array}}{\Gamma \vdash A \Rightarrow B}\ \Rightarrow\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash A\end{array}}{\Gamma \vdash B}\ \Rightarrow\text{-elim}$$

is replaced by the proof obtained this way: in the proof $\pi$ we suppress the hypothesis $A$ in all sequents, then each time the axiom rule is used with this proposition, we replace it with the proof $\pi'$. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array}}{\Gamma \vdash \forall x\ A}\ \forall\text{-intro}}{\Gamma \vdash (t/x)A}\ \forall\text{-elim}$$

is replaced by the proof $\pi$ where the variable $x$ is substituted by the term $t$ everywhere. A cut of the form

$$\frac{\dfrac{\begin{array}{c}\pi\\ \Gamma \vdash (t/x)A\end{array}}{\Gamma \vdash \exists x\ A}\ \exists\text{-intro} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash B\end{array}}{\Gamma \vdash B}\ \exists\text{-elim}$$

is replaced by the proof obtained this way: in the proof $\pi'$, we substitute the variable $x$ by the term $t$ everywhere, then we suppress the hypothesis $(t/x)A$ in all sequents and each time the axiom rule is used with this proposition, we replace it with the proof $\pi$.

Exercise 4.2.1 Eliminate the cuts in the proof

$$\frac{\dfrac{\exists x\,(P(x) \Rightarrow P(x)) \vdash \exists x\,(P(x) \Rightarrow P(x))}{\vdash \exists x\,(P(x) \Rightarrow P(x)) \Rightarrow \exists x\,(P(x) \Rightarrow P(x))}\ \Rightarrow\text{-intro} \qquad \dfrac{\dfrac{P(c) \vdash P(c)}{\vdash P(c) \Rightarrow P(c)}\ \Rightarrow\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \exists\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \Rightarrow\text{-elim}$$

When a proof contains a cut, it is always simple to remove it, thus the cut 
elimination process is not difficult to define. But removing a cut may create 
new cuts, so the main question is that of the termination of this process. 



4.3 Proofs as terms 

The cut elimination process of the previous section is still cumbersome to express. This is due to the fact that we use a too cumbersome notation for natural deduction proofs. The goal of this section is to introduce another notation for these proofs.

As we have seen, one of the key operations in this proof transformation process is the substitution of a variable by a term. Another key operation is the following: in a proof $\pi$ of the sequent $\Gamma, A \vdash B$, remove the hypothesis $A$ in all sequents and replace the axiom rules on this proposition by a proof $\pi'$ of the sequent $\Gamma \vdash A$. To be able to express this operation smoothly, it is better to use a notation where proofs are expressed by terms containing special variables standing for proofs of the hypotheses. Thus to express a proof of a sequent $A_1, \ldots, A_n \vdash B$ we shall first introduce variables $\xi_1, \ldots, \xi_n$ standing for proofs of the propositions $A_1, \ldots, A_n$. If $B$ is the proposition $A_i$ and the sequent $A_1, \ldots, A_n \vdash A_i$ is proved with the axiom rule, we shall write this proof $\xi_i$.

Now a proof $\pi$ of the sequent $\Gamma, A \vdash B$ is expressed by a term containing one variable for each proposition of $\Gamma$ and a variable $\xi$ for $A$, and the proof obtained by removing the hypothesis $A$ in all sequents of $\pi$ and replacing the axiom rules on this proposition by a proof $\pi'$ of the sequent $\Gamma \vdash A$ is simply obtained by substituting the proof $\pi'$ for the variable $\xi$ in $\pi$.

For each natural deduction rule, we introduce a function symbol. To express a proof such as

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}$$

we express first the proofs $\pi$ and $\pi'$ as terms, then we apply the function symbol of two arguments associated to the rule $\wedge$-intro to $\pi$ and $\pi'$.

In the case of the rule $\Rightarrow$-intro, we transform a proof $\pi$ of the sequent $\Gamma, A \vdash B$ into one of the sequent $\Gamma \vdash A \Rightarrow B$ containing fewer hypotheses. The proof $\pi$ is expressed by a term containing a variable $\xi$ standing for a proof of $A$. This variable must not appear in the proof of $\Gamma \vdash A \Rightarrow B$. Thus the function symbol associated to the rule $\Rightarrow$-intro must be a binder.

From now on, to simplify proofs, we shall drop the negation symbol $\neg$. Everything works for the proposition $\neg A$ as for the proposition $A \Rightarrow \bot$.

Definition 4.3.1 (Term notation for proofs) We express proofs as terms in a language with two sorts: one for terms of the theory and the other for proof-terms. Terms of the theory will be written with Latin letters ($t$, $u$, ...) while proof-terms will be written with Greek letters ($\pi$, ...).

• The proof

$$\frac{}{\Gamma \vdash A}\ \text{Axiom}$$

is expressed by the term $\xi$, the variable standing for the hypothesis $A$ in $\Gamma$.

• The proof

$$\frac{}{\Gamma \vdash \top}\ \top\text{-intro}$$

is expressed by the term $I$, where $I$ is an individual symbol.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash \bot\end{array}}{\Gamma \vdash A}\ \bot\text{-elim}$$

is expressed by the term $\delta_\bot(\pi)$, where $\delta_\bot$ is a function symbol of one argument.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \wedge B}\ \wedge\text{-intro}$$

is expressed by the term $\langle \pi, \pi' \rangle$, where $\langle\ ,\ \rangle$ is a function symbol of two arguments.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A \wedge B\end{array}}{\Gamma \vdash A}\ \wedge\text{-elim}$$

is expressed by the term $\mathit{fst}(\pi)$ and the proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A \wedge B\end{array}}{\Gamma \vdash B}\ \wedge\text{-elim}$$

is expressed by the term $\mathit{snd}(\pi)$ where $\mathit{fst}$ and $\mathit{snd}$ are function symbols of one argument.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array}}{\Gamma \vdash A \vee B}\ \vee\text{-intro}$$

is expressed by the term $i(\pi)$ and the proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash B\end{array}}{\Gamma \vdash A \vee B}\ \vee\text{-intro}$$

is expressed by the term $j(\pi)$ where $i$ and $j$ are function symbols of one argument.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A \vee B\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash C\end{array} \qquad \begin{array}{c}\pi''\\ \Gamma, B \vdash C\end{array}}{\Gamma \vdash C}\ \vee\text{-elim}$$

is expressed by the term $\delta(\pi, \xi\pi', \chi\pi'')$, where $\delta$ is a function symbol of three arguments binding one variable in its second argument and one in its third.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma, A \vdash B\end{array}}{\Gamma \vdash A \Rightarrow B}\ \Rightarrow\text{-intro}$$

is expressed by the term $\xi \mapsto \pi$, where $\mapsto$ is a function symbol of one argument binding one variable in its argument.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A \Rightarrow B\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma \vdash A\end{array}}{\Gamma \vdash B}\ \Rightarrow\text{-elim}$$

is expressed by the term $\alpha(\pi, \pi')$, where $\alpha$ is a function symbol of two arguments. This term is also simply written $(\pi\ \pi')$.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash A\end{array}}{\Gamma \vdash \forall x\ A}\ \forall\text{-intro}$$

is expressed by the term $x \mapsto \pi$, where $\mapsto$ is a function symbol of one argument binding one variable in its argument.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash \forall x\ A\end{array}}{\Gamma \vdash (t/x)A}\ \forall\text{-elim}$$

is expressed by the term $\alpha(\pi, t)$ where $\alpha$ is a function symbol of two arguments. This term is also simply written $(\pi\ t)$.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash (t/x)A\end{array}}{\Gamma \vdash \exists x\ A}\ \exists\text{-intro}$$

is expressed by the term $\langle t, \pi \rangle$ where $\langle\ ,\ \rangle$ is a function symbol of two arguments.

• The proof

$$\frac{\begin{array}{c}\pi\\ \Gamma \vdash \exists x\ A\end{array} \qquad \begin{array}{c}\pi'\\ \Gamma, A \vdash B\end{array}}{\Gamma \vdash B}\ \exists\text{-elim}$$

is expressed by the term $\delta_\exists(\pi, x\xi\pi')$ where $\delta_\exists$ is a function symbol of two arguments binding two variables in its second argument.

Exercise 4.3.1 Write the term associated to the proof

$$\frac{\dfrac{\exists x\,(P(x) \Rightarrow P(x)) \vdash \exists x\,(P(x) \Rightarrow P(x))}{\vdash \exists x\,(P(x) \Rightarrow P(x)) \Rightarrow \exists x\,(P(x) \Rightarrow P(x))}\ \Rightarrow\text{-intro} \qquad \dfrac{\dfrac{P(c) \vdash P(c)}{\vdash P(c) \Rightarrow P(c)}\ \Rightarrow\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \exists\text{-intro}}{\vdash \exists x\,(P(x) \Rightarrow P(x))}\ \Rightarrow\text{-elim}$$

Remark. (An historical note on the choice of symbols) The choice of these symbols comes from a tradition due to Brouwer, Heyting and Kolmogorov, according to which

• there is only one proof of $\top$,

• there is no proof of $\bot$,

• a proof of $A \wedge B$ is an ordered pair formed with a proof of $A$ and a proof of $B$,

• a proof of $A \vee B$ is a boolean value together with a proof of $A$ or $B$ according to the value of the boolean,

• a proof of $A \Rightarrow B$ is a function mapping proofs of $A$ to proofs of $B$,

• a proof of $\forall x\ A$ is a function mapping any object $t$ to a proof of $(t/x)A$,

• a proof of $\exists x\ A$ is an ordered pair formed with a term $t$ and a proof of $(t/x)A$.



Remark. (Types of proofs) If $\pi$ is a proof of $B$ under the hypothesis $A$ then $\xi \mapsto \pi$ is a proof of $A \Rightarrow B$. As all proofs have the same sort, the proof-term $\xi \mapsto \pi$ does not have a type, but if we wanted to give a type to it, it would get the type $A' \to B'$ where $A'$ is the type of proofs of $A$ and $B'$ the type of proofs of $B$. Thus the type of a proof would be isomorphic to the proposition proved by the proof-term. This isomorphism is called the Curry-de Bruijn-Howard isomorphism. In particular it can be proved that a type contains a closed term in the language of definition 3.3.2 or 3.6.1 if and only if this type is isomorphic to a proposition that has a constructive proof.

As proof-terms have no type, there are proof-terms that are proofs of no proposition. For instance, if $P$ is a proposition symbol and $\xi$ a variable standing for a proof of $P$ then the proof-term $(\xi\ \xi)$ does not correspond to any proof. The natural deduction rules are now used to express which proof-term is a proof of which proposition. We use a notation $\xi_1 : A_1, \ldots, \xi_n : A_n \vdash \pi : B$ to express that $\pi$ is a proof of the sequent $A_1, \ldots, A_n \vdash B$ where $\xi_1, \ldots, \xi_n$ are the names given to the variables standing for proofs of the propositions $A_1, \ldots, A_n$. The rules are the following.

Definition 4.3.2 (Deduction rules with proofs)

$$\frac{}{\Gamma \vdash \xi : A}\ \text{Axiom if } \xi : A \in \Gamma$$

$$\frac{}{\Gamma \vdash I : \top}\ \top\text{-intro}$$

$$\frac{\Gamma \vdash \pi : \bot}{\Gamma \vdash \delta_\bot(\pi) : A}\ \bot\text{-elim}$$

$$\frac{\Gamma \vdash \pi : A \qquad \Gamma \vdash \pi' : B}{\Gamma \vdash \langle \pi, \pi'\rangle : A \wedge B}\ \wedge\text{-intro}$$

$$\frac{\Gamma \vdash \pi : A \wedge B}{\Gamma \vdash \mathit{fst}(\pi) : A}\ \wedge\text{-elim}\qquad \frac{\Gamma \vdash \pi : A \wedge B}{\Gamma \vdash \mathit{snd}(\pi) : B}\ \wedge\text{-elim}$$

$$\frac{\Gamma \vdash \pi : A}{\Gamma \vdash i(\pi) : A \vee B}\ \vee\text{-intro}\qquad \frac{\Gamma \vdash \pi : B}{\Gamma \vdash j(\pi) : A \vee B}\ \vee\text{-intro}$$

$$\frac{\Gamma \vdash \pi : A \vee B \qquad \Gamma, \xi : A \vdash \pi' : C \qquad \Gamma, \chi : B \vdash \pi'' : C}{\Gamma \vdash \delta(\pi, \xi\pi', \chi\pi'') : C}\ \vee\text{-elim}$$

$$\frac{\Gamma, \xi : A \vdash \pi : B}{\Gamma \vdash \xi \mapsto \pi : A \Rightarrow B}\ \Rightarrow\text{-intro}$$

$$\frac{\Gamma \vdash \pi : A \Rightarrow B \qquad \Gamma \vdash \pi' : A}{\Gamma \vdash (\pi\ \pi') : B}\ \Rightarrow\text{-elim}$$

$$\frac{\Gamma \vdash \pi : A}{\Gamma \vdash x \mapsto \pi : \forall x\, A}\ \forall\text{-intro if } x \notin FV(\Gamma)$$

$$\frac{\Gamma \vdash \pi : \forall x\, A}{\Gamma \vdash (\pi\ t) : (t/x)A}\ \forall\text{-elim}$$

$$\frac{\Gamma \vdash \pi : (t/x)A}{\Gamma \vdash \langle t, \pi\rangle : \exists x\, A}\ \exists\text{-intro}$$

$$\frac{\Gamma \vdash \pi : \exists x\, A \qquad \Gamma, \xi : A \vdash \pi' : B}{\Gamma \vdash \delta_\exists(\pi, x\xi\pi') : B}\ \exists\text{-elim if } x \notin FV(\Gamma, B)$$

Proposition 4.3.1 A sequent $A_1, \ldots, A_n \vdash B$ is derivable in natural deduction
if and only if there exists a term $\pi$ such that the judgment $\xi_1 : A_1, \ldots, \xi_n : A_n \vdash \pi : B$
is derivable in this system.
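The rules of Definition 4.3.2 are a type system for proof-terms, and Proposition 4.3.1 says that checking a judgment $\xi_1 : A_1, \ldots, \xi_n : A_n \vdash \pi : B$ is the same as checking a natural deduction proof. The following checker is an added example and not part of the original notes; its tuple encoding of terms, propositions and proof-terms, and the helper names (`infer`, `check`, `proves`, `SWAP`, `WITNESS`), are assumptions of the example. Eliminations have their proposition synthesised, introductions are checked against a given proposition, and the side conditions of $\forall$-intro and $\exists$-elim are enforced. The ill-typed term $(\xi\ \xi)$ mentioned above is rejected.

```python
# Added example, not from the notes: a checker for the rules of Definition 4.3.2.
# Encoding (chosen here): object terms are variable names (str) or ('fn', name, args),
# constants being ('fn', name, ()).  Propositions: ('atom', name, args), ('top',),
# ('bot',), ('and', A, B), ('or', A, B), ('imp', A, B), ('all', x, A), ('ex', x, A).
# Proof-terms: ('var', xi), ('I',), ('botelim', p), ('pair', p, q), ('fst', p), ('snd', p),
# ('inl', p), ('inr', p), ('case', p, xi, q, chi, r), ('lam', xi, p), ('app', p, q),
# ('tlam', x, p), ('tapp', p, t), ('wit', t, p), ('excase', p, x, xi, q).
# Assumption: the binder of x |-> p carries the same name as the bound variable of the
# forall-proposition it proves (no alpha-renaming is done).

def fv_term(t):
    return {t} if isinstance(t, str) else set().union(*(fv_term(a) for a in t[2]))

def tsub(u, x, t):
    """(t/x)u on object terms."""
    if isinstance(u, str):
        return t if u == x else u
    return ('fn', u[1], tuple(tsub(a, x, t) for a in u[2]))

def fv_prop(A):
    if A[0] == 'atom':
        return set().union(*(fv_term(a) for a in A[2]))
    if A[0] in ('all', 'ex'):
        return fv_prop(A[2]) - {A[1]}
    return set().union(*(fv_prop(B) for B in A[1:]))

def psub(A, x, t):
    """(t/x)A on propositions; a bound x shadows (capture is not repaired)."""
    if A[0] == 'atom':
        return ('atom', A[1], tuple(tsub(a, x, t) for a in A[2]))
    if A[0] in ('all', 'ex'):
        return A if A[1] == x else (A[0], A[1], psub(A[2], x, t))
    return (A[0],) + tuple(psub(B, x, t) for B in A[1:])

def fv_ctx(ctx):
    return set().union(*(fv_prop(A) for A in ctx.values()))

def expect(A, tag):
    if A[0] != tag:
        raise TypeError("expected a %s proposition, got %r" % (tag, A))
    return A

def infer(ctx, p):
    """Proposition proved by a variable or an elimination; TypeError if there is none."""
    tag = p[0]
    if tag == 'var':                                     # Axiom: xi : A in Gamma
        return ctx[p[1]]
    if tag in ('fst', 'snd'):                            # and-elim
        A = expect(infer(ctx, p[1]), 'and')
        return A[1] if tag == 'fst' else A[2]
    if tag == 'app':                                     # imp-elim
        F = expect(infer(ctx, p[1]), 'imp')
        check(ctx, p[2], F[1])
        return F[2]
    if tag == 'tapp':                                    # all-elim: (pi t) : (t/x)A
        F = expect(infer(ctx, p[1]), 'all')
        return psub(F[2], F[1], p[2])
    raise TypeError("%s is an introduction: its proposition must be given" % tag)

def check(ctx, p, A):
    """Return True iff ctx |- p : A is derivable; raise TypeError (or KeyError) otherwise."""
    tag = p[0]
    if tag == 'I':
        expect(A, 'top')
    elif tag == 'botelim':                               # bot-elim proves any A
        check(ctx, p[1], ('bot',))
    elif tag == 'pair':
        expect(A, 'and'); check(ctx, p[1], A[1]); check(ctx, p[2], A[2])
    elif tag in ('inl', 'inr'):
        expect(A, 'or'); check(ctx, p[1], A[1] if tag == 'inl' else A[2])
    elif tag == 'lam':                                   # imp-intro
        expect(A, 'imp'); check({**ctx, p[1]: A[1]}, p[2], A[2])
    elif tag == 'tlam':                                  # all-intro, x not in FV(Gamma)
        expect(A, 'all')
        if p[1] != A[1] or p[1] in fv_ctx(ctx):
            raise TypeError("all-intro: %s is not fresh for the context" % p[1])
        check(ctx, p[2], A[2])
    elif tag == 'wit':                                   # ex-intro: pi : (t/x)A
        expect(A, 'ex'); check(ctx, p[2], psub(A[2], A[1], p[1]))
    elif tag == 'case':                                  # or-elim
        D = expect(infer(ctx, p[1]), 'or')
        check({**ctx, p[2]: D[1]}, p[3], A); check({**ctx, p[4]: D[2]}, p[5], A)
    elif tag == 'excase':                                # ex-elim, x not in FV(Gamma, B)
        D = expect(infer(ctx, p[1]), 'ex')
        if p[2] in fv_ctx(ctx) or p[2] in fv_prop(A):
            raise TypeError("ex-elim: %s is not fresh for the context and conclusion" % p[2])
        check({**ctx, p[3]: psub(D[2], D[1], p[2])}, p[4], A)
    elif infer(ctx, p) != A:
        raise TypeError("%r proves %r, not %r" % (p, infer(ctx, p), A))
    return True

def proves(ctx, p, A):
    """Boolean form of check()."""
    try:
        return check(ctx, p, A)
    except (TypeError, KeyError):
        return False

# Constructed sample judgments (assumed for this example).
P, Q = ('atom', 'P', ()), ('atom', 'Q', ())
def Px(t):
    return ('atom', 'P', (t,))
SWAP = ('lam', 'xi', ('pair', ('snd', ('var', 'xi')), ('fst', ('var', 'xi'))))
SWAP_PROP = ('imp', ('and', P, Q), ('and', Q, P))
WITNESS = ('tlam', 'x', ('lam', 'xi', ('wit', 'x', ('var', 'xi'))))      # x |-> (xi |-> <x, xi>)
WITNESS_PROP = ('all', 'x', ('imp', Px('x'), ('ex', 'y', Px('y'))))
SELF_APP = ('app', ('var', 'xi'), ('var', 'xi'))                           # the (xi xi) of the text
```

`proves({}, SWAP, SWAP_PROP)` and `proves({}, WITNESS, WITNESS_PROP)` return `True`; `proves({'xi': P}, SELF_APP, ('bot',))` returns `False` because $\xi : P$ is not an implication, and `proves({'xi': Px('x')}, ('tlam', 'x', ('var', 'xi')), ('all', 'x', Px('x')))` returns `False` because $x$ is free in the context, which is exactly the side condition of $\forall$-intro.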

The cut elimination rules can now be rephrased on the proof-terms.

Definition 4.3.3 (Cut elimination rules)

$$\mathit{fst}(\langle \pi_1, \pi_2\rangle) \longrightarrow \pi_1$$

$$\mathit{snd}(\langle \pi_1, \pi_2\rangle) \longrightarrow \pi_2$$

$$\delta(i(\pi_1), \xi\pi_2, \chi\pi_3) \longrightarrow (\pi_1/\xi)\pi_2$$

$$\delta(j(\pi_1), \xi\pi_2, \chi\pi_3) \longrightarrow (\pi_1/\chi)\pi_3$$

$$((\xi \mapsto \pi_1)\ \pi_2) \longrightarrow (\pi_2/\xi)\pi_1$$

$$((x \mapsto \pi)\ t) \longrightarrow (t/x)\pi$$

$$\delta_\exists(\langle t, \pi_1\rangle, x\xi\pi_2) \longrightarrow (t/x, \pi_1/\xi)\pi_2$$

Proposition 4.3.2 (Subject reduction) If $\Gamma \vdash \pi : P$ and $\pi \longrightarrow \pi'$ then
$\Gamma \vdash \pi' : P$.



4.4 Cut elimination

We now want to prove that if a proof-term is a proof of some proposition then
it is strongly terminating. Following the idea of the Curry-de Bruijn-Howard
isomorphism, this proof extends that of proposition 3.6.1.

Definition 4.4.1 (Reducible proof-terms) Let $A$ be a proposition. We define
the set $|A|$ of reducible proof-terms of $A$ by induction over the height of $A$.

• If $A$ is an atomic proposition then a proof-term $\pi$ is an element of $|A|$ if
it is strongly terminating.

• A proof-term $\pi$ is an element of $|\top|$ if it is strongly terminating.

• A proof-term $\pi$ is an element of $|\bot|$ if it is strongly terminating.

• A proof-term $\pi$ is an element of $|A \wedge B|$ if it is strongly terminating and
when $\pi$ reduces to a proof-term of the form $\langle \pi_1, \pi_2\rangle$ then $\pi_1$ is an element
of $|A|$ and $\pi_2$ is an element of $|B|$.

• A proof-term $\pi$ is an element of $|A \vee B|$ if it is strongly terminating and
when $\pi$ reduces to a proof-term of the form $i(\pi_1)$ (resp. $j(\pi_2)$) then $\pi_1$
(resp. $\pi_2$) is an element of $|A|$ (resp. $|B|$).

• A proof-term $\pi$ is an element of $|A \Rightarrow B|$ if it is strongly terminating and
when $\pi$ reduces to a proof-term of the form $\xi \mapsto \pi_1$ then for every $\pi'$ in
$|A|$, $(\pi'/\xi)\pi_1$ is an element of $|B|$.

• A proof-term $\pi$ is an element of $|\forall x\, A|$ if it is strongly terminating and
when $\pi$ reduces to a proof-term of the form $x \mapsto \pi_1$ then for every term $t$,
$(t/x)\pi_1$ is an element of $|(t/x)A|$ (which is equal to $|A|$).

• A proof-term $\pi$ is an element of $|\exists x\, A|$ if it is strongly terminating and
when $\pi$ reduces to a proof-term of the form $\langle t, \pi_1\rangle$ then $\pi_1$ is an element
of $|(t/x)A|$ (which is equal to $|A|$).

Lemma 4.4.1 Elements of $|A|$ are strongly terminating.

Proof. By definition.

Lemma 4.4.2 If $\pi$ is an element of $|A|$ and $\pi \longrightarrow \pi'$ then $\pi'$ is an element of
$|A|$.

Proof. By definition.

Lemma 4.4.3 All variables are members of $|A|$.

Proof. By definition.

Lemma 4.4.4 If $\pi$ is an elimination and if for every $\pi'$ such that $\pi \longrightarrow^1 \pi'$,
$\pi' \in |A|$, then $\pi \in |A|$.

Proof. We first prove that $\pi$ is strongly terminating. Let $\pi = \pi_1, \pi_2, \ldots$ be a
reduction sequence issued from $\pi$. If this sequence contains no reduction step it is finite.
Otherwise we have $\pi \longrightarrow^1 \pi_2$ and hence $\pi_2$ is an element of $|A|$, thus it is strongly
terminating and the reduction sequence is finite.

Then, we prove that if $\pi$ reduces to an introduction then the sub-terms belong
to the appropriate sets. Let $\pi = \pi_1, \pi_2, \ldots, \pi_n$ be a reduction sequence issued
from $\pi$ and such that $\pi_n$ is an introduction. This sequence contains at least one step,
because $\pi$ is an elimination. Thus $\pi \longrightarrow^1 \pi_2 \longrightarrow \pi_n$. We have $\pi_2 \in |A|$ and
thus, as $\pi_n$ is an introduction, its sub-terms belong to the appropriate sets.

Proposition 4.4.5 (Gentzen-Prawitz theorem) If $\Gamma \vdash \pi : A$ then the proof-term
$\pi$ is strongly terminating.

Proof. By lemma 4.4.1, it is sufficient to prove that if $\Gamma \vdash \pi : A$ then the
proof-term $\pi$ is an element of $|A|$. More generally, we prove, by induction over
the height of the proof-assignment tree, that if $\Gamma \vdash \pi : A$, $\theta$ is a substitution
mapping term variables to terms and $\sigma$ is a substitution mapping some proof
variables associated to a proposition $B$ in $\Gamma$ to an element of $|B|$, then $\sigma\theta\pi$ is
an element of $|A|$.

• Axiom. If $\pi$ is a variable $\xi$, we have $(\xi : A) \in \Gamma$. If $\xi$ is in the domain of
definition of $\sigma$, then $\sigma\theta\xi = \sigma\xi$ is an element of $|A|$, otherwise $\sigma\theta\xi = \sigma\xi = \xi$
is an element of $|A|$ by lemma 4.4.3.

• $\top$-intro. The proof-term $\pi$ has the form $I$. We have $\sigma\theta\pi = I$. This proof-term
is normal and thus it is strongly terminating. Hence, the proof-term
$\sigma\theta I$ is in $|A|$.

• $\wedge$-intro. The proof-term $\pi$ has the form $\langle \rho_1, \rho_2\rangle$ where $\rho_1$ is a proof of
some proposition $B$ and $\rho_2$ a proof of some proposition $C$. We have
$\sigma\theta\pi = \langle \sigma\theta\rho_1, \sigma\theta\rho_2\rangle$. Consider a reduction sequence issued from this proof-term.
This sequence can only reduce the proof-terms $\sigma\theta\rho_1$ and $\sigma\theta\rho_2$.
By induction hypothesis these proof-terms are in $|B|$ and $|C|$. Thus the
reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $\langle \rho_1', \rho_2'\rangle$ where $\rho_1'$ is a reduct
of $\sigma\theta\rho_1$ and $\rho_2'$ one of $\sigma\theta\rho_2$. The proof-terms $\rho_1'$ and $\rho_2'$ are in $|B|$ and $|C|$
by lemma 4.4.2.

Hence, the proof-term $\sigma\theta\langle \rho_1, \rho_2\rangle$ is in $|A|$.

• $\vee$-intro. The proof-term $\pi$ has the form $i(\rho)$ (resp. $j(\rho)$) and $\rho$ is a proof
of some proposition $B$. We have $\sigma\theta\pi = i(\sigma\theta\rho)$ (resp. $j(\sigma\theta\rho)$). Consider
a reduction sequence issued from this proof-term. This sequence can only
reduce the proof-term $\sigma\theta\rho$. By induction hypothesis this proof-term is
an element of $|B|$. Thus the reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $i(\rho')$ (resp. $j(\rho')$) where $\rho'$
is a reduct of $\sigma\theta\rho$. The proof-term $\rho'$ is an element of $|B|$ by lemma 4.4.2.

Hence, the proof-term $\sigma\theta i(\rho)$ (resp. $\sigma\theta j(\rho)$) is an element of $|A|$.

• $\Rightarrow$-intro. The proof-term $\pi$ has the form $\xi \mapsto \rho$ where $\xi$ is a proof variable
of some proposition $B$ and $\rho$ a proof of some proposition $C$. We have
$\sigma\theta\pi = \xi \mapsto \sigma\theta\rho$. Consider a reduction sequence issued from this proof-term.
This sequence can only reduce the proof-term $\sigma\theta\rho$. By induction
hypothesis, the proof-term $\sigma\theta\rho$ is an element of $|C|$, thus the reduction
sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $\xi \mapsto \rho'$ where $\rho'$ is a reduct
of $\sigma\theta\rho$. Let $\tau$ be any element of $|B|$; the proof-term $(\tau/\xi)\rho'$ can be obtained
by reduction from $((\tau/\xi) \circ \sigma)\theta\rho$. By induction hypothesis, the proof-term
$((\tau/\xi) \circ \sigma)\theta\rho$ is an element of $|C|$. The proof-term $(\tau/\xi)\rho'$ is an element
of $|C|$, by lemma 4.4.2.

Hence, the proof-term $\sigma\theta(\xi \mapsto \rho)$ is an element of $|A|$.

• $\forall$-intro. The proof-term $\pi$ has the form $x \mapsto \rho$ where $\rho$ is a proof of some
proposition $B$. We have $\sigma\theta\pi = x \mapsto \sigma\theta\rho$. Consider a reduction sequence
issued from the proof-term $\sigma\theta\pi = x \mapsto \sigma\theta\rho$. This sequence can only
reduce the proof-term $\sigma\theta\rho$. By induction hypothesis, the proof-term $\sigma\theta\rho$
is an element of $|B|$, thus the reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $x \mapsto \rho'$ where $\rho'$ is a
reduct of $\sigma\theta\rho$. The proof-term $(t/x)\rho'$ is obtained by reducing the proof-term
$((t/x)\sigma)((t/x) \circ \theta)\rho$. By induction hypothesis again, the proof-term
$((t/x)\sigma)((t/x) \circ \theta)\rho$ is an element of $|B|$. The proof-term $(t/x)\rho'$ is an
element of $|B|$, by lemma 4.4.2.

Hence $\sigma\theta(x \mapsto \rho)$ is an element of $|A|$.

• $\exists$-intro. The proof-term $\pi$ has the form $\langle t, \rho\rangle$, where $\rho$ is a proof of some
proposition $B$. We have $\sigma\theta\pi = \langle \theta t, \sigma\theta\rho\rangle$. Consider a reduction sequence
issued from this proof-term. This sequence can only reduce the proof-term
$\sigma\theta\rho$. By induction hypothesis this proof-term is in $|B|$. Thus the
reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $\langle \theta t, \rho'\rangle$ where $\rho'$ is a reduct
of $\sigma\theta\rho$. The proof-term $\rho'$ is an element of $|B|$, by lemma 4.4.2.

Hence, the proof-term $\sigma\theta\langle t, \rho\rangle$ is an element of $|A|$.

• $\bot$-elim. The proof-term $\pi$ has the form $\delta_\bot(\rho)$ where $\rho$ is a proof of $\bot$.
We have $\sigma\theta\pi = \delta_\bot(\sigma\theta\rho)$. By induction hypothesis, the proof-term $\sigma\theta\rho$
is an element of $|\bot|$. Hence, it is strongly terminating. Let $n$ be the
maximum length of reduction sequences issued from this proof-term. We
prove by induction on $n$ that $\delta_\bot(\sigma\theta\rho)$ is in $|A|$. Since this proof-term is
an elimination, by lemma 4.4.4, we only need to prove that every one of
its one step reducts is in $|A|$. The reduction can only take place in $\sigma\theta\rho$
and we apply the induction hypothesis.

Hence, the proof-term $\sigma\theta\delta_\bot(\rho)$ is an element of $|A|$.

• $\wedge$-elim. We only detail the case of left elimination. The proof-term $\pi$ has
the form $\mathit{fst}(\rho)$ where $\rho$ is a proof of some proposition $A \wedge B$. We have
$\sigma\theta\pi = \mathit{fst}(\sigma\theta\rho)$. By induction hypothesis the proof-term $\sigma\theta\rho$ is in $|A \wedge B|$.
Hence, it is strongly terminating. Let $n$ be the maximum length of a
reduction sequence issued from this proof-term. We prove by induction
on $n$ that $\mathit{fst}(\sigma\theta\rho)$ is in the set $|A|$. Since this proof-term is an elimination,
by lemma 4.4.4, we only need to prove that every one of its one step
reducts is in $|A|$. If the reduction takes place in $\sigma\theta\rho$ then we apply the
induction hypothesis. Otherwise $\sigma\theta\rho$ has the form $\langle \rho_1', \rho_2'\rangle$ and the reduct
is $\rho_1'$. By the definition of $|A \wedge B|$ this proof-term is in $|A|$.

Hence, the proof-term $\sigma\theta\mathit{fst}(\rho)$ is an element of $|A|$.

• $\vee$-elim. The proof-term $\pi$ has the form $\delta(\rho_1, \xi\rho_2, \chi\rho_3)$ where $\rho_1$ is a proof
of some proposition $B \vee C$ and $\rho_2$ and $\rho_3$ are proofs of $A$. We have
$\sigma\theta\pi = \delta(\sigma\theta\rho_1, \xi\sigma\theta\rho_2, \chi\sigma\theta\rho_3)$. By induction hypothesis, the proof-term
$\sigma\theta\rho_1$ is in the set $|B \vee C|$, and the proof-terms $\sigma\theta\rho_2$ and $\sigma\theta\rho_3$ are in the
set $|A|$. Hence, these proof-terms are strongly terminating. Let $n$, $n'$ and
$n''$ be the maximum lengths of reduction sequences issued from these proof-terms.
We prove by induction on $n + n' + n''$ that $\delta(\sigma\theta\rho_1, \xi\sigma\theta\rho_2, \chi\sigma\theta\rho_3)$
is in $|A|$. Since this proof-term is an elimination, by lemma 4.4.4,
we only need to prove that every one of its one step reducts is in $|A|$. If the
reduction takes place in $\sigma\theta\rho_1$, $\sigma\theta\rho_2$ or $\sigma\theta\rho_3$ then we apply the induction
hypothesis. Otherwise, $\sigma\theta\rho_1$ has the form $i(\rho')$ (resp. $j(\rho')$) and the
reduct is $((\rho'/\xi) \circ \sigma)\theta\rho_2$ (resp. $((\rho'/\chi) \circ \sigma)\theta\rho_3$). By the definition of $|B \vee C|$
the proof-term $\rho'$ is in $|B|$ (resp. $|C|$). Hence by induction hypothesis
$((\rho'/\xi) \circ \sigma)\theta\rho_2$ (resp. $((\rho'/\chi) \circ \sigma)\theta\rho_3$) is in $|A|$.

Hence, the proof-term $\sigma\theta\delta(\rho_1, \xi\rho_2, \chi\rho_3)$ is an element of $|A|$.

• $\Rightarrow$-elim. The proof-term $\pi$ has the form $(\rho_1\ \rho_2)$ and $\rho_1$ is a proof of
some proposition $B \Rightarrow A$ and $\rho_2$ a proof of the proposition $B$. We have
$\sigma\theta\pi = (\sigma\theta\rho_1\ \sigma\theta\rho_2)$. By induction hypothesis $\sigma\theta\rho_1$ and $\sigma\theta\rho_2$ are in the
sets $|B \Rightarrow A|$ and $|B|$. Hence these proof-terms are strongly terminating.
Let $n$ be the maximum length of a reduction sequence issued from $\sigma\theta\rho_1$
and $n'$ the maximum length of a reduction sequence issued from $\sigma\theta\rho_2$. We
prove by induction on $n + n'$ that $(\sigma\theta\rho_1\ \sigma\theta\rho_2)$ is in the set $|A|$. Since this
proof-term is an elimination, by lemma 4.4.4, we only need to prove
that every one of its one step reducts is in $|A|$. If the reduction takes place in
$\sigma\theta\rho_1$ or in $\sigma\theta\rho_2$ then we apply the induction hypothesis. Otherwise $\sigma\theta\rho_1$
has the form $\xi \mapsto \rho'$ and the reduct is $(\sigma\theta\rho_2/\xi)\rho'$. By the definition of
$|B \Rightarrow A|$ this proof-term is in $|A|$.

Hence, the proof-term $\sigma\theta(\rho_1\ \rho_2)$ is an element of $|A|$.

• $\forall$-elim. The proof-term $\pi$ has the form $(\rho\ t)$ where $\rho$ is a proof of some
proposition $\forall x\, B$ and $A = (t/x)B$. We have $\sigma\theta\pi = (\sigma\theta\rho\ \theta t)$. By induction
hypothesis, the proof-term $\sigma\theta\rho$ is in $|\forall x\, B|$. Hence, it is strongly
terminating. Let $n$ be the maximum length of a reduction sequence issued
from this proof-term. We prove by induction on $n$ that $(\sigma\theta\rho\ \theta t)$ is in the
set $|A|$. As this proof-term is an elimination, by lemma 4.4.4, we only
need to prove that every one of its one step reducts is in $|A|$. If the reduction
takes place in $\sigma\theta\rho$ then we apply the induction hypothesis. Otherwise $\sigma\theta\rho$
has the form $x \mapsto \rho'$ and the reduct is $(\theta t/x)\rho'$. By the definition of $|\forall x\, B|$
this proof-term is in $|A|$.

Hence, the proof-term $\sigma\theta(\rho\ t)$ is an element of $|A|$.

• $\exists$-elim. The proof-term $\pi$ has the form $\delta_\exists(\rho_1, x\xi\rho_2)$ where $\rho_1$ is a proof
of some proposition $\exists x\, B$ and $\rho_2$ is a proof of $A$. We have $\sigma\theta\pi =
\delta_\exists(\sigma\theta\rho_1, x\xi\sigma\theta\rho_2)$. By induction hypothesis, the proof-term $\sigma\theta\rho_1$ is in the
set $|\exists x\, B|$ and the proof-term $\sigma\theta\rho_2$ is in the set $|A|$. Hence, these proof-terms
are strongly terminating. Let $n$ and $n'$ be the maximum lengths of
reduction sequences issued from these proof-terms. We prove by induction
on $n + n'$ that $\delta_\exists(\sigma\theta\rho_1, x\xi\sigma\theta\rho_2)$ is in $|A|$. As this proof-term is an
elimination, by lemma 4.4.4, we only need to prove that every one of its
one step reducts is in $|A|$. If the reduction takes place in $\sigma\theta\rho_1$ or $\sigma\theta\rho_2$
then we apply the induction hypothesis. Otherwise, $\sigma\theta\rho_1$ has the form
$\langle t, \rho'\rangle$ and the reduct is $(\rho'/\xi)(t/x)\sigma\theta\rho_2 = ((\rho'/\xi) \circ (t/x)\sigma)((t/x) \circ \theta)\rho_2$.
By the definition of $|\exists x\, B|$, the proof-term $\rho'$ is in $|B|$. Thus, by induction
hypothesis, the proof-term $((\rho'/\xi) \circ (t/x)\sigma)((t/x) \circ \theta)\rho_2$ is in $|A|$.

Hence, the proof-term $\sigma\theta\delta_\exists(\rho_1, x\xi\rho_2)$ is an element of $|A|$.



4.5 Harrop theories

We have seen that constructive cut free proofs in the empty theory are uniform,
and we have deduced the disjunction property and the witness property for the
empty theory. Of course these properties do not extend to all theories, but they
extend to Harrop theories.

Definition 4.5.1 (Harrop theory) A Harrop proposition is defined by induction
as follows:

• atomic propositions, $\top$ and $\bot$ are Harrop propositions,

• $\neg A$ is a Harrop proposition,

• $A \wedge B$ is a Harrop proposition if $A$ and $B$ are Harrop propositions,

• $A \vee B$ is not a Harrop proposition,

• $A \Rightarrow B$ is a Harrop proposition if $B$ is a Harrop proposition,

• $\forall x\, A$ is a Harrop proposition if $A$ is a Harrop proposition,

• $\exists x\, A$ is not a Harrop proposition.

A Harrop theory is a theory whose axioms are all Harrop propositions.

Proposition 4.5.1 Let $T$ be a Harrop theory. If $A \vee B$ has a constructive proof
in $T$, then $A$ or $B$ has a proof in $T$ and this proof is constructive. If $\exists x\, A$ has
a constructive proof in $T$, then there is a term $t$ such that $(t/x)A$ has a proof in
$T$ and this proof is constructive.

Proof. By the cut elimination theorem we may assume the proof is cut free. We reason
by induction over the height of the proof.

If the proof ends with an introduction, then the result is trivial.

The proof cannot end with an axiom because $T$ contains only Harrop propositions
and the conclusion is not a Harrop proposition.

If the proof ends with an elimination, then let $C_1$ be the conclusion of the
proof and $C_2$ be the left premise of this elimination. The proof of $C_2$ cannot end
with an introduction because the proof is cut free, hence it ends with an axiom
rule or an elimination; if it ends with an elimination rule, then let $C_3$ be the left
premise of this rule, and so on. Thus the proof ends with a sequence of elimination rules
on propositions $C_1, \ldots, C_n$ and $C_n$ is an axiom.

We prove that at least one of the propositions $C_1, \ldots, C_n$ is $\bot$. If it is not the
case, then the proposition $C_n$ is a Harrop proposition because it is an element
of $T$. Let us prove that the proposition $C_{n-1}$ is also a Harrop proposition. The
proposition $C_{n-1}$ has been produced from $C_n$ with an elimination rule. This
elimination rule cannot be $\vee$-elim or $\exists$-elim because $C_n$ is a Harrop proposition,
and it cannot be $\bot$-elim, because none of the propositions $C_1, \ldots, C_n$ is $\bot$. Hence
it is either $\wedge$-elim, $\Rightarrow$-elim or $\forall$-elim, thus $C_{n-1}$ is a Harrop proposition. We
prove this way by induction that all the propositions $C_n, \ldots, C_1$ are Harrop
propositions. Hence $C_1$ is a Harrop proposition, which is contradictory.

Thus one of the propositions $C_1, \ldots, C_n$ is $\bot$, hence the theory $T$ is contradictory:
it proves all propositions and the result is trivial.

Exercise 4.5.1 Show that proofs of propositions of the form $A \vee B$ and $\exists x\, A$
in consistent Harrop theories end with an introduction rule.

Corollary 4.5.2 Let $P$ and $Q$ be two proposition symbols, the proposition

$$\neg\neg(P \vee Q) \Rightarrow (P \vee Q)$$

does not have a constructive proof in the empty theory.

Proof. Assume that the proposition $\neg\neg(P \vee Q) \Rightarrow (P \vee Q)$ has a proof. Let $T$
be the Harrop theory formed with the axiom $\neg\neg(P \vee Q)$; the proposition $P \vee Q$
has a proof in $T$. Thus either the proposition $P$ or the proposition $Q$ has a proof
in $T$. But it is easy to construct a model of $T$ where $P$ is not valid and a model
of $T$ where $Q$ is not valid, so by soundness neither $P$ nor $Q$ has a proof in $T$, which is contradictory.

Corollary 4.5.3 Let $P$ be a proposition symbol, the proposition

$$\neg\neg P \Rightarrow P$$

does not have a constructive proof in the empty theory.

Proof. If it had, so would the proposition $\neg\neg(P \vee Q) \Rightarrow (P \vee Q)$ (substitute $P \vee Q$ for $P$).

Corollary 4.5.4 Let $P$ be a predicate symbol of one argument, the proposition

$$(\neg\forall x\, P(x)) \Rightarrow \exists x\, \neg P(x)$$

does not have a constructive proof in the empty theory.

Proof. Assume that the proposition $(\neg\forall x\, P(x)) \Rightarrow \exists x\, \neg P(x)$ has a proof. Let
$T$ be the Harrop theory formed with the axiom $\neg\forall x\, P(x)$. Then the proposition
$\exists x\, \neg P(x)$ has a proof in $T$. Thus there is a term $t$ such that the proposition
$\neg P(t)$ has a proof in $T$. Consider a model $\mathcal{M}$ with two elements and let $P$ hold
for the denotation of $t$ but not for the other element. This model is a model
of $T$ but not of $\neg P(t)$. Thus, the proposition $\neg P(t)$ does not have a proof in $T$,
which is contradictory.



Chapter 5

Cut elimination in predicate logic modulo

We have seen that from the cut elimination theorem we could deduce the consistency,
the disjunction property and the witness property for the empty theory.
Of course, not many theorems can be proved in the empty theory. When we
add axioms, cut free proofs need not be uniform anymore. For instance adding
the axiom $\exists x\, P(x)$ allows a non uniform proof of the proposition $\exists x\, P(x)$.
We have already seen that the disjunction property and the witness property
extend to Harrop theories. We are now interested in other theories: theories
modulo with no axioms, such as simple type theory and simple type theory with
infinity.

5.1 Congruences defined by a system rewriting atomic propositions

Proposition 5.1.1 Consider a congruence $\equiv$ defined by a confluent rewrite
system rewriting terms to terms and atomic propositions to arbitrary propositions.
If $A$ and $B$ are not atomic and $A \equiv B$ then $A$ and $B$ have the same root
connector or quantifier.

Proposition 5.1.2 Consider a congruence $\equiv$ defined by a confluent rewrite
system rewriting terms to terms and atomic propositions to arbitrary propositions.
Consider the theory modulo formed with no axioms and the congruence
$\equiv$. A cut free proof in this theory ends with an introduction rule.

Proof. By induction over the height of the proof. The last rule cannot be
an axiom rule, because there is no axiom. If the last rule is an elimination,
then the left premise of the elimination is proved with a cut free proof. Hence,
by induction hypothesis, it ends with an introduction. By proposition 5.1.1, this introduction concerns
the same connector or quantifier as the elimination rule and the proof contains a cut,
contradicting the fact that it is cut free.

Thus, if cut elimination holds for such a theory, then consistency, the disjunction
property and the witness property hold also.



5.2 Proofs as terms

Proof-terms are defined as in predicate logic and the reduction rules are the
same. But the proof assignment rules have to be modified to take the congruence
into account. The quantifier rules are annotated with the variable, the proposition
and, where relevant, the term they use, as these are no longer determined by the
conclusion modulo $\equiv$.

Definition 5.2.1 (Deduction rules with proofs)

$$\frac{}{\Gamma \vdash_\equiv \xi : B}\ \text{Axiom if } \xi : A \in \Gamma \text{ and } A \equiv B$$

$$\frac{}{\Gamma \vdash_\equiv I : A}\ \top\text{-intro if } A \equiv \top$$

$$\frac{\Gamma \vdash_\equiv \pi : B}{\Gamma \vdash_\equiv \delta_\bot(\pi) : A}\ \bot\text{-elim if } B \equiv \bot$$

$$\frac{\Gamma \vdash_\equiv \pi : A \qquad \Gamma \vdash_\equiv \pi' : B}{\Gamma \vdash_\equiv \langle \pi, \pi'\rangle : C}\ \wedge\text{-intro if } C \equiv (A \wedge B)$$

$$\frac{\Gamma \vdash_\equiv \pi : C}{\Gamma \vdash_\equiv \mathit{fst}(\pi) : A}\ \wedge\text{-elim if } C \equiv (A \wedge B)\qquad \frac{\Gamma \vdash_\equiv \pi : C}{\Gamma \vdash_\equiv \mathit{snd}(\pi) : B}\ \wedge\text{-elim if } C \equiv (A \wedge B)$$

$$\frac{\Gamma \vdash_\equiv \pi : A}{\Gamma \vdash_\equiv i(\pi) : C}\ \vee\text{-intro if } C \equiv (A \vee B)\qquad \frac{\Gamma \vdash_\equiv \pi : B}{\Gamma \vdash_\equiv j(\pi) : C}\ \vee\text{-intro if } C \equiv (A \vee B)$$

$$\frac{\Gamma \vdash_\equiv \pi : D \qquad \Gamma, \xi : A \vdash_\equiv \pi' : C \qquad \Gamma, \chi : B \vdash_\equiv \pi'' : C}{\Gamma \vdash_\equiv \delta(\pi, \xi\pi', \chi\pi'') : C}\ \vee\text{-elim if } D \equiv (A \vee B)$$

$$\frac{\Gamma, \xi : A \vdash_\equiv \pi : B}{\Gamma \vdash_\equiv \xi \mapsto \pi : C}\ \Rightarrow\text{-intro if } C \equiv (A \Rightarrow B)$$

$$\frac{\Gamma \vdash_\equiv \pi : C \qquad \Gamma \vdash_\equiv \pi' : A}{\Gamma \vdash_\equiv (\pi\ \pi') : B}\ \Rightarrow\text{-elim if } C \equiv (A \Rightarrow B)$$

$$\frac{\Gamma \vdash_\equiv \pi : A}{\Gamma \vdash_\equiv x \mapsto \pi : B}\ (x, A)\ \forall\text{-intro if } B \equiv (\forall x\, A) \text{ and } x \notin FV(\Gamma)$$

$$\frac{\Gamma \vdash_\equiv \pi : B}{\Gamma \vdash_\equiv (\pi\ t) : C}\ (x, A, t)\ \forall\text{-elim if } B \equiv (\forall x\, A) \text{ and } C \equiv (t/x)A$$

$$\frac{\Gamma \vdash_\equiv \pi : C}{\Gamma \vdash_\equiv \langle t, \pi\rangle : B}\ (x, A, t)\ \exists\text{-intro if } B \equiv (\exists x\, A) \text{ and } C \equiv (t/x)A$$

$$\frac{\Gamma \vdash_\equiv \pi : C \qquad \Gamma, \xi : A \vdash_\equiv \pi' : B}{\Gamma \vdash_\equiv \delta_\exists(\pi, x\xi\pi') : B}\ (x, A)\ \exists\text{-elim if } C \equiv (\exists x\, A) \text{ and } x \notin FV(\Gamma, B)$$

Proposition 5.2.1 A sequent $A_1, \ldots, A_n \vdash_\equiv B$ is derivable in natural deduction
modulo if and only if there exists a term $\pi$ such that the judgment
$\xi_1 : A_1, \ldots, \xi_n : A_n \vdash_\equiv \pi : B$ is derivable in this system.

Proposition 5.2.2 (Subject reduction) If $\Gamma \vdash_\equiv \pi : P$ and $\pi \longrightarrow \pi'$ then
$\Gamma \vdash_\equiv \pi' : P$.



5.3 Counterexamples

Cut elimination fails for very simple rewrite systems.

Example 5.3.1 (Russell's counterexample) We have seen that in naive set
theory, if we call $A$ the proposition $\varepsilon(R, R)$ (or $R \in R$), we have

$$A \longrightarrow \neg A$$

Modulo this rule, the proposition $\neg A$ has the proof

$$\xi \mapsto (\xi\ \xi)$$

and so does the proposition $A$ (since $A \equiv \neg A$), thus the proposition $\bot$ has the proof

$$((\xi \mapsto (\xi\ \xi))\ (\xi \mapsto (\xi\ \xi)))$$

This proof only reduces to itself and thus it does not terminate. It is easy to
check that more generally there are no cut free proofs of $\bot$, because there are no
uniform proofs of this proposition.

Example 5.3.2 (Crabbé's counterexample) Set theory is an example of a
theory modulo that does not have the cut elimination property. We have seen
that there are two propositions $A$ and $B$ in set theory such that

$$A \longrightarrow B \wedge \neg A$$

Thus under the assumption $\chi : B$, the proposition $\neg A$ has the proof

$$\xi \mapsto (\mathit{snd}(\xi)\ \xi)$$

and the proposition $A$ has the proof

$$\langle \chi, \xi \mapsto (\mathit{snd}(\xi)\ \xi)\rangle$$

thus the proposition $\bot$ has the proof

$$((\xi \mapsto (\mathit{snd}(\xi)\ \xi))\ \langle \chi, \xi \mapsto (\mathit{snd}(\xi)\ \xi)\rangle)$$

and the proposition $\neg B$ has the proof

$$\chi \mapsto ((\xi \mapsto (\mathit{snd}(\xi)\ \xi))\ \langle \chi, \xi \mapsto (\mathit{snd}(\xi)\ \xi)\rangle)$$

It is easy to check that this proof does not terminate and, more generally, that
the proposition $\neg B$ has no cut free proof.
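The claims "reduces only to itself" and "does not terminate" can be checked mechanically. What follows is an added example, not code from the notes: the rules of Definition 4.3.3 implemented as a one-step rewrite on proof-terms, together with a normaliser that stops when a reduct has already been seen. It is run on a cut that does reduce (an $\exists$-intro immediately eliminated, which exercises the simultaneous substitution $(t/x, \pi_1/\xi)$), on the proof-term of Example 5.3.1, which comes back to itself after one step, and on the proof of $\bot$ of Example 5.3.2, which comes back after two. The tuple encoding, the leftmost-outermost strategy and the names `ID`, `EX_DETOUR`, `RUSSELL`, `CRABBE` are this example's own.

```python
# Added example, not from the notes: the cut elimination rules of Definition 4.3.3 as a
# rewrite step, plus a normaliser that reports when a reduct comes back.  Proof-terms are
# nested tuples (encoding chosen here): ('var', xi), ('I',), ('botelim', p), ('pair', p, q),
# ('fst', p), ('snd', p), ('inl', p), ('inr', p), ('case', p, xi, q, chi, r), ('lam', xi, p),
# ('app', p, q), ('tlam', x, p), ('tapp', p, t), ('wit', t, p), ('excase', p, x, xi, q);
# object terms are names (str) or ('fn', name, args).  Assumption: term binders are renamed
# apart from substituted terms; capture of a proof variable is reported, not repaired.

def is_proof(c):
    return isinstance(c, tuple) and c[0] != 'fn'

def free_pvars(p):
    tag = p[0]
    if tag == 'var':
        return {p[1]}
    if tag == 'lam':
        return free_pvars(p[2]) - {p[1]}
    if tag == 'case':
        return free_pvars(p[1]) | (free_pvars(p[3]) - {p[2]}) | (free_pvars(p[5]) - {p[4]})
    if tag == 'excase':
        return free_pvars(p[1]) | (free_pvars(p[4]) - {p[3]})
    return set().union(*(free_pvars(c) for c in p if is_proof(c)))

def psubst(p, xi, r):
    """(r/xi)p: substitute the proof-term r for the proof variable xi."""
    def under(y, body):                          # enter the scope of a binder y
        if y == xi:
            return body
        if y in free_pvars(r):
            raise ValueError("binder %s would capture a free variable of r" % y)
        return psubst(body, xi, r)
    tag = p[0]
    if tag == 'var':
        return r if p[1] == xi else p
    if tag == 'lam':
        return ('lam', p[1], under(p[1], p[2]))
    if tag == 'case':
        return ('case', psubst(p[1], xi, r), p[2], under(p[2], p[3]), p[4], under(p[4], p[5]))
    if tag == 'excase':
        return ('excase', psubst(p[1], xi, r), p[2], p[3], under(p[3], p[4]))
    return tuple(psubst(c, xi, r) if is_proof(c) else c for c in p)

def tsub(u, x, t):                               # (t/x)u on object terms
    if isinstance(u, str):
        return t if u == x else u
    return ('fn', u[1], tuple(tsub(a, x, t) for a in u[2]))

def tsubst(p, x, t):
    """(t/x)p: substitute the object term t for the term variable x in a proof-term."""
    tag = p[0]
    if tag == 'tapp':
        return ('tapp', tsubst(p[1], x, t), tsub(p[2], x, t))
    if tag == 'wit':
        return ('wit', tsub(p[1], x, t), tsubst(p[2], x, t))
    if tag == 'tlam':
        return p if p[1] == x else ('tlam', p[1], tsubst(p[2], x, t))
    if tag == 'excase':
        q = p[4] if p[2] == x else tsubst(p[4], x, t)
        return ('excase', tsubst(p[1], x, t), p[2], p[3], q)
    return tuple(tsubst(c, x, t) if is_proof(c) else c for c in p)

def step(p):
    """One leftmost-outermost step of Definition 4.3.3; None if p is normal (cut free)."""
    tag, a = p[0], (p[1] if len(p) > 1 else None)
    if tag == 'fst' and a[0] == 'pair':
        return a[1]
    if tag == 'snd' and a[0] == 'pair':
        return a[2]
    if tag == 'case' and a[0] == 'inl':          # delta(i(p1), xi p2, chi p3) -> (p1/xi)p2
        return psubst(p[3], p[2], a[1])
    if tag == 'case' and a[0] == 'inr':          # delta(j(p1), xi p2, chi p3) -> (p1/chi)p3
        return psubst(p[5], p[4], a[1])
    if tag == 'app' and a[0] == 'lam':           # ((xi |-> p1) p2) -> (p2/xi)p1
        return psubst(a[2], a[1], p[2])
    if tag == 'tapp' and a[0] == 'tlam':         # ((x |-> p) t) -> (t/x)p
        return tsubst(a[2], a[1], p[2])
    if tag == 'excase' and a[0] == 'wit':        # delta_ex(<t,p1>, x xi p2) -> (t/x, p1/xi)p2
        return psubst(tsubst(p[4], p[2], a[1]), p[3], a[2])
    for i, c in enumerate(p):                    # no root redex: reduce the leftmost subterm
        if is_proof(c):
            r = step(c)
            if r is not None:
                return p[:i] + (r,) + p[i + 1:]
    return None

def normalize(p, max_steps=1000):
    """('normal', nf, n) after n steps; ('loop', q, n) when reduct q was already seen."""
    seen, cur, n = {p}, p, 0
    while n < max_steps:
        nxt = step(cur)
        if nxt is None:
            return ('normal', cur, n)
        n += 1
        if nxt in seen:
            return ('loop', nxt, n)
        seen.add(nxt)
        cur = nxt
    return ('bound', cur, n)

ID = ('lam', 'xi', ('var', 'xi'))
# An exists-intro immediately eliminated: delta_ex(<c, ID>, x zeta <x, zeta>) -> <c, ID>
EX_DETOUR = ('excase', ('wit', 'c', ID), 'x', 'zeta', ('wit', 'x', ('var', 'zeta')))
OMEGA = ('lam', 'xi', ('app', ('var', 'xi'), ('var', 'xi')))
RUSSELL = ('app', OMEGA, OMEGA)                  # Example 5.3.1: a one-step fixed point
NOT_A = ('lam', 'xi', ('app', ('snd', ('var', 'xi')), ('var', 'xi')))
CRABBE = ('app', NOT_A, ('pair', ('var', 'chi'), NOT_A))   # Example 5.3.2, under chi : B
```

`normalize(EX_DETOUR)` returns `('normal', ('wit', 'c', ID), 1)`, `normalize(RUSSELL)` returns `('loop', RUSSELL, 1)` and `normalize(CRABBE)` returns `('loop', CRABBE, 2)`. The loop detection is only a witness that this strategy cycles; the text's stronger claim, that no cut free proof of $\bot$ (resp. $\neg B$) exists at all, is the uniformity argument and is not something a rewriter can establish.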

Example 5.3.3 (A terminating counterexample) Cut elimination may be
lost even with a confluent and terminating rewrite system. The example is a
refined version of Russell's counterexample. Instead of taking the non terminating
rule $R \in R \longrightarrow \neg R \in R$, we take the terminating rule

$$R \in R \longrightarrow \forall y\, (y \sim R \Rightarrow \neg y \in R)$$

where $y \sim z$ stands for $\forall x\, (y \in x \Rightarrow z \in x)$. Modulo this rule, the proposition
$\neg R \in R$ has the proof

$$\pi = \xi \mapsto (((\xi\ R)\ (x \mapsto (\chi \mapsto \chi)))\ \xi)$$

(where $x \mapsto (\chi \mapsto \chi)$ is a proof of $R \sim R$) and the proposition $R \in R$ has the proof

$$\pi' = y \mapsto (\xi \mapsto (\chi \mapsto (\pi\ ((\xi\ R)\ \chi))))$$

The proposition $\bot$ has the proof

$$(\pi\ \pi')$$

This proof reduces to itself and thus it does not terminate. It is easy to
check that more generally there are no cut free proofs of $\bot$, because there are no
uniform proofs of this proposition.

5.4 Reducibility candidates

Let us try to characterize some congruences for which cut elimination holds.

We wish to use a cut elimination proof similar to that of predicate logic.
The main problem is that we cannot take the set of all strongly terminating
proof-terms for the set of reducible proof-terms of an atomic proposition. For
instance if $P$, $Q$ and $R$ are three proposition symbols and we have the rule

$$P \longrightarrow Q \Rightarrow R$$

then a proof of $P$ is also a proof of $Q \Rightarrow R$ and thus, to belong to $|P|$, besides
being strongly terminating, a proof-term must be such that whenever it reduces
to an introduction $\xi \mapsto \pi'$, for all proofs $\pi''$ of $|Q|$ the proof $(\pi''/\xi)\pi'$ belongs to
$|R|$. In this case we can take the set of all strongly terminating proofs for $|Q|$
and $|R|$ and the set $|Q \Rightarrow R|$ for $|P|$, and a proof similar to that of predicate
logic permits to establish cut elimination modulo this rule.

However, generalizing this method may be difficult when we have non terminating
rules or rules introducing quantifiers. For instance consider the proposition
symbols $P$ and $Q$ and the rule

$$Q \longrightarrow P \wedge Q$$

Defining $|Q|$ as $|P \wedge Q|$ would be circular, as to know $|P \wedge Q|$ we need to know
$|P|$ and $|Q|$. In the same way, consider a predicate symbol $P$ of one argument,
an individual symbol $c$ and the rule

$$P(c) \longrightarrow \forall x\, P(x)$$

Defining $|P(c)|$ as the set $|\forall x\, P(x)|$ would be circular, as to know $|\forall x\, P(x)|$ we
need to know $|P(t)|$ for all terms $t$, including $c$.

Thus we shall prove in a first step that cut elimination holds provided we
know how to assign a set of proofs $|A|$ to each atomic proposition $A$ in such a
way that the sets of reducible proofs, defined relatively to these sets, of two
equivalent propositions are identical. In a second step we shall give examples
where such sets can be constructed, including the two examples above and simple
type theory.

Not every set of proof-terms is a good candidate for $|A|$. Indeed, we have seen
that to let the cut elimination proof go through we needed the sets of reducible
proofs to verify the properties of lemmas 4.4.1, 4.4.2, 4.4.3 and 4.4.4 that
are used in the cut elimination proof. Thus, at least, the sets of reducible proofs
of atomic propositions must verify these properties. This leads to the following
definition.

Definition 5.4.1 (Girard's reducibility candidate) A set $R$ of proof-terms
is a reducibility candidate if

• if $\pi \in R$, then $\pi$ is strongly terminating,

• if $\pi \in R$ and $\pi \longrightarrow \pi'$ then $\pi' \in R$,

• all variables belong to $R$,

• if $\pi$ is an elimination and if for every $\pi'$ such that $\pi \longrightarrow^1 \pi'$, $\pi' \in R$, then
$\pi \in R$.

Let $\mathcal{C}$ be the set of all reducibility candidates.

Assigning a reducibility candidate to each atomic proposition $A$ is equivalent
to assigning to each predicate symbol $P$ of $n$ arguments a function $\hat{P}$ that maps
$n$-tuples of terms to reducibility candidates. Then, we define the set $|P(t_1, \ldots, t_n)|$
as $\hat{P}(t_1, \ldots, t_n)$. Thus we want to prove that if we know how to assign such a
function to each predicate symbol, in such a way that the sets of reducible proofs
defined relatively to these functions are such that two equivalent propositions
have the same set of reducible proofs, then cut elimination holds modulo this
congruence.

This can be generalized: to have cut elimination it is sufficient to assign,
to each predicate symbol $P$ of $n$ arguments, a function $\hat{P}$ that maps $n$-tuples of
elements of an arbitrary set $\mathcal{M}$ to reducibility candidates and to associate to
each term $t$ an element $|t|$ of $\mathcal{M}$. Then we define $|P(t_1, \ldots, t_n)|$ as $\hat{P}(|t_1|, \ldots, |t_n|)$.
If the sets of reducible proofs defined relatively to these functions are such that
two equivalent propositions have the same set of reducible proofs, then cut
elimination holds modulo this congruence.

There are many similarities between this definition and the definition of a
model. In particular the fact that if $A \equiv B$ then $|A| = |B|$ can be read as
the validity of the congruence in this structure. The only difference with the
notion of model is that the functions $\hat{P}$ do not map $n$-tuples of elements of $\mathcal{M}$
to the truth values $0$ or $1$, but to reducibility candidates. Hence such structures are
many-valued models where truth values are reducibility candidates. We shall
call them pre-models. As we want to apply this result to many-sorted theories,
we directly give the definition for many-sorted predicate logic modulo.

5.5 Pre- model 

Definition 5.5.1 (Pre-model) Let C be a many sorted first-order language. 
A pre-model for C is given by: 

• for every sort T, a set Mt, 

• for every function symbol f of rank (Ti, . . . , T n , U), a function f from 
M Tl x ... x M Tn to M v , 

• for every predicate symbol P of rank (Ti, . . . , T n ), a function P from M Tl x 
... x M Tn to C. 

Definition 5.5.2 Let t be a term and <j> an assignment mapping all the free 
variables oft of sortT to elements of Mt- We define the object |t|^ by induction 
over the height oft. 

• \x\tj, = <j>(x), 

• \f(h, ■ ■ ■ ,tn)\cj> = f{\tl\cj>, ■ ■ ■ , \t n \tj>)- 

Definition 5.5.3 Let A be a proposition and </> an assignment mapping all the 
free variables of A of sort T to elements of Mt- We define the set \A\,j, of 
proof-terms by induction over the height of A. 

• A proof-term n is an element of \P(h, . . . ,t n )\$ if it is in 
P{\ti\tt>, ■ ■ ■ ' 

• A proof-term it is an element of |T|^ if it is strongly terminating. 

• A proof-term it is an element of \±\<p if it is strongly terminating. 
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• A proof-term tt is an element of \A A if it is strongly terminating and 
when tt reduces to a proof-term of the form (711,772) then w± and 1T2 are 
elements of \A\ff, and |-B|^. 

• A proof-term it is an element of \A V B\<p if it is strongly terminating and 
when it reduces to a proof-term of the form i{iri) (resp. j{iT2)) then tt\ 
(resp. tti) is an element of |^4|^ (resp. \B\<p). 

• A proof-term it is element of \A =>• B\<f, if it is strongly terminating and 
when it reduces to a proof-term of the form £ >-> tti then for every it' in 
\A\$, (it'/£)iti is an element o/|-B|^. 

• A proof-term tt is an element of |Vx A\^, if it is strongly terminating and 
when tt reduces to a proof-term of the form x >-> tti then for every term t 
of sort T (where T is the sort of x) and every element E of Mt, (t/x)iri 
is an element of \A\ < f >+ ^ x<E y 

• A proof-term tt is an element of \3x A^ if tt is strongly terminating and 
whenever tt reduces to a proof-term of the form {t,ir\) there exists an 
element E of Mt (where T is the sort of x) such that tti is an element of 

\A\<P+{x,E)- 

Definition 5.5.4 A pre-model is a pre-model of a congruence = if, whenever 
A = B, then for every assignment </>, |^4|^ = |-B|^. 

Proposition 5.5.1 For every proposition A and assignment <j>, |^4|^ is a re- 
ducibility candidate 

Proof. By induction over the height of $A$.

If $A$ is an atomic proposition, $|A|_\phi$ is a reducibility candidate by definition.

If $A$ is a composed proposition, then, by definition, $|A|_\phi$ contains only terminating proof-terms. It is routine to prove closure by reduction. It is also routine to check that all variables are members of $|A|_\phi$.

Now, we assume that $\pi$ is an elimination and that for every $\pi'$ such that $\pi \rightarrow^1 \pi'$, $\pi' \in |A|_\phi$. We want to prove that $\pi$ is in $|A|_\phi$. Following the definition of $|A|_\phi$, we first prove that $\pi$ is strongly terminating and then that if it reduces to an introduction, the sub-proofs belong to the appropriate sets.

We first prove that $\pi$ is strongly terminating. Let $\pi = \pi_1, \pi_2, \ldots$ be a reduction sequence issued from $\pi$. If this sequence is empty (no reduction step is performed) it is finite. Otherwise we have $\pi \rightarrow^1 \pi_2$ and hence $\pi_2$ is an element of $|A|_\phi$, thus it is strongly terminating and the reduction sequence is finite.

Then we prove that if $\pi$ reduces to an introduction then the sub-proofs belong to the appropriate sets. Let $\pi = \pi_1, \pi_2, \ldots, \pi_n$ be a reduction sequence issued from $\pi$ and such that $\pi_n$ is an introduction. This sequence cannot be empty because $\pi$ is an elimination and hence not an introduction. Thus $\pi \rightarrow^1 \pi_2 \rightarrow \cdots \rightarrow \pi_n$. We have $\pi_2 \in |A|_\phi$ and thus, since $\pi_n$ is an introduction, the sub-proofs belong to the appropriate sets.
Proposition 5.5.2 (Substitution) Given any proposition $A$, term $t$ and variable $x$ we have

$$|(t/x)A|_\phi = |A|_{\phi + \langle x, |t|_\phi\rangle}$$

Proof. By induction on the height of $A$.

We can now prove the main theorem of this chapter: if a system has a pre-model then proof-terms modulo this system terminate.

Proposition 5.5.3 Let $\equiv$ be a congruence and $\mathcal{M}$ be a pre-model of $\equiv$. If $\Gamma \vdash_\equiv \pi : A$ then the proof-term $\pi$ is strongly terminating.

Proof. As $|A|_\phi$ is a reducibility candidate, it is sufficient to prove that if $\Gamma \vdash_\equiv \pi : A$ then the proof-term $\pi$ is an element of $|A|_\phi$. More generally, we prove, by induction over the height of the proof-assignment tree, that if $\Gamma \vdash_\equiv \pi : A$,

• $\theta$ is a substitution mapping term variables to terms,

• $\phi$ is an assignment mapping variables to elements of the model,

• $\sigma$ is a substitution mapping some proof variables associated to a proposition $B$ in $\Gamma$ to an element of $|B|_\phi$,

then $\sigma\theta\pi$ is an element of $|A|_\phi$.

• Axiom. If $\pi$ is a variable $\xi$, we have $(\xi : B) \in \Gamma$ with $B \equiv A$. If $\xi$ is in the domain of definition of $\sigma$, then $\sigma\theta\xi = \sigma\xi$ is an element of $|B|_\phi = |A|_\phi$, otherwise $\sigma\theta\xi = \sigma\xi = \xi$ is an element of $|A|_\phi$ because $|A|_\phi$ is a candidate.

• $\top$-intro. The proof-term $\pi$ has the form $I$. We have $\sigma\theta\pi = I$. This proof-term is normal, hence it is strongly terminating. Hence, the proof-term $\sigma\theta I$ is in $|A|_\phi$.

• $\wedge$-intro. The proof-term $\pi$ has the form $(\rho_1, \rho_2)$ where $\rho_1$ is a proof of some proposition $B$ and $\rho_2$ a proof of some proposition $C$. We have $\sigma\theta\pi = (\sigma\theta\rho_1, \sigma\theta\rho_2)$. Consider a reduction sequence issued from this proof-term. This sequence can only reduce the proof-terms $\sigma\theta\rho_1$ and $\sigma\theta\rho_2$. By induction hypothesis these proof-terms are in $|B|_\phi$ and $|C|_\phi$. Thus the reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $(\rho'_1, \rho'_2)$ where $\rho'_1$ is a reduct of $\sigma\theta\rho_1$ and $\rho'_2$ one of $\sigma\theta\rho_2$. The proof-terms $\rho'_1$ and $\rho'_2$ are in $|B|_\phi$ and $|C|_\phi$ because these sets are candidates.

Hence, the proof-term $\sigma\theta(\rho_1, \rho_2)$ is in $|A|_\phi$.

• $\vee$-intro. The proof-term $\pi$ has the form $i(\rho)$ (resp. $j(\rho)$) and $\rho$ is a proof of some proposition $B$. We have $\sigma\theta\pi = i(\sigma\theta\rho)$ (resp. $j(\sigma\theta\rho)$). Consider a reduction sequence issued from this proof-term. This sequence can only reduce the proof-term $\sigma\theta\rho$. By induction hypothesis this proof-term is an element of $|B|_\phi$. Thus the reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $i(\rho')$ (resp. $j(\rho')$) where $\rho'$ is a reduct of $\sigma\theta\rho$. The proof-term $\rho'$ is an element of $|B|_\phi$ because this set is a candidate.

Hence, the proof-term $\sigma\theta i(\rho)$ (resp. $\sigma\theta j(\rho)$) is an element of $|A|_\phi$.

• $\Rightarrow$-intro. The proof-term $\pi$ has the form $\xi \mapsto \rho$ where $\xi$ is a proof variable of some proposition $B$ and $\rho$ a proof of some proposition $C$. We have $\sigma\theta\pi = \xi \mapsto \sigma\theta\rho$. Consider a reduction sequence issued from this proof-term. This sequence can only reduce the proof-term $\sigma\theta\rho$. By induction hypothesis, the proof-term $\sigma\theta\rho$ is an element of $|C|_\phi$, thus the reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $\xi \mapsto \rho'$ where $\rho'$ is a reduct of $\sigma\theta\rho$. Let $\tau$ be any element of $|B|_\phi$; the proof-term $(\tau/\xi)\rho'$ can be obtained by reduction from $((\tau/\xi) \circ \sigma)\theta\rho$. By induction hypothesis, the proof-term $((\tau/\xi) \circ \sigma)\theta\rho$ is an element of $|C|_\phi$. The proof-term $(\tau/\xi)\rho'$ is an element of $|C|_\phi$ because this set is a candidate.

Hence, the proof-term $\sigma\theta(\xi \mapsto \rho)$ is an element of $|A|_\phi$.

• $\forall$-intro. The proof-term $\pi$ has the form $x \mapsto \rho$ where $\rho$ is a proof of some proposition $B$. We have $\sigma\theta\pi = x \mapsto \sigma\theta\rho$.

Consider a reduction sequence issued from the proof-term $\sigma\theta\pi = x \mapsto \sigma\theta\rho$. This sequence can only reduce the proof-term $\sigma\theta\rho$. Let $E$ be an element of $\mathcal{M}_T$ (where $T$ is the sort of $x$). By induction hypothesis, the proof-term $\sigma\theta\rho$ is an element of $|B|_{\phi + \langle x, E\rangle}$, thus the reduction sequence is finite.

Furthermore, all reducts of $\sigma\theta\pi$ have the form $x \mapsto \rho'$ where $\rho'$ is a reduct of $\sigma\theta\rho$. The proof-term $(t/x)\rho'$ is obtained by reducing the proof-term $((t/x)\sigma)((t/x) \circ \theta)\rho$. By induction hypothesis again, the proof-term $((t/x)\sigma)((t/x) \circ \theta)\rho$ is an element of $|B|_{\phi + \langle x, E\rangle}$. The proof-term $(t/x)\rho'$ is an element of $|B|_{\phi + \langle x, E\rangle}$, because this set is a candidate.

Hence $\sigma\theta(x \mapsto \rho)$ is an element of $|A|_\phi$.

• $\exists$-intro. The proof-term $\pi$ has the form $(t, \rho)$, $A = \exists x\, B$ and $\rho$ is a proof of $(t/x)B$. We have $\sigma\theta\pi = (\theta t, \sigma\theta\rho)$. Consider a reduction sequence issued from this proof-term. This sequence can only reduce the proof-term $\sigma\theta\rho$. By induction hypothesis this proof-term is in $|(t/x)B|_\phi$. Thus the reduction sequence is finite.

Furthermore, let $E$ be the element of $\mathcal{M}_T$ such that $|(t/x)B|_\phi = |B|_{\phi + \langle x, E\rangle}$ (Proposition 5.5.2). Any reduct of $\sigma\theta\pi$ has the form $(\theta t, \rho')$ where $\rho'$ is a reduct of $\sigma\theta\rho$. The proof-term $\rho'$ is an element of $|(t/x)B|_\phi$, i.e. of $|B|_{\phi + \langle x, E\rangle}$, because $|B|_{\phi + \langle x, E\rangle}$ is a candidate.

Hence, the proof-term $\sigma\theta(t, \rho)$ is an element of $|A|_\phi$.

• $\bot$-elim. The proof-term $\pi$ has the form $\delta_\bot(\rho)$ where $\rho$ is a proof of $\bot$. We have $\sigma\theta\pi = \delta_\bot(\sigma\theta\rho)$. By induction hypothesis, the proof-term $\sigma\theta\rho$ is an element of $|\bot|_\phi$. Hence, it is strongly terminating. Let $n$ be the maximum length of reduction sequences issued from this proof-term. We prove by induction on $n$ that $\delta_\bot(\sigma\theta\rho)$ is in $|A|_\phi$. Since this proof-term is an elimination, we only need to prove that each of its one-step reducts is in $|A|_\phi$. The reduction can only take place in $\sigma\theta\rho$ and we apply the induction hypothesis.

Hence, the proof-term $\sigma\theta\delta_\bot(\rho)$ is an element of $|A|_\phi$.

• $\wedge$-elim. We only detail the case of left elimination. The proof-term $\pi$ has the form $fst(\rho)$ where $\rho$ is a proof of some proposition $A \wedge B$. We have $\sigma\theta\pi = fst(\sigma\theta\rho)$. By induction hypothesis the proof-term $\sigma\theta\rho$ is in $|A \wedge B|_\phi$. Hence, it is strongly terminating. Let $n$ be the maximum length of a reduction sequence issued from this proof-term. We prove by induction on $n$ that $fst(\sigma\theta\rho)$ is in the set $|A|_\phi$. Since this proof-term is an elimination we only need to prove that each of its one-step reducts is in $|A|_\phi$. If the reduction takes place in $\sigma\theta\rho$ then we apply the induction hypothesis. Otherwise $\sigma\theta\rho$ has the form $(\rho'_1, \rho'_2)$ and the reduct is $\rho'_1$. By the definition of $|A \wedge B|_\phi$ this proof-term is in $|A|_\phi$.

Hence, the proof-term $\sigma\theta fst(\rho)$ is an element of $|A|_\phi$.

• $\vee$-elim. The proof-term $\pi$ has the form $\delta(\rho_1, \xi\rho_2, \chi\rho_3)$ where $\rho_1$ is a proof of some proposition $B \vee C$ and $\rho_2$ and $\rho_3$ are proofs of $A$. We have $\sigma\theta\pi = \delta(\sigma\theta\rho_1, \xi\sigma\theta\rho_2, \chi\sigma\theta\rho_3)$. By induction hypothesis, the proof-term $\sigma\theta\rho_1$ is in the set $|B \vee C|_\phi$, and the proof-terms $\sigma\theta\rho_2$ and $\sigma\theta\rho_3$ are in the set $|A|_\phi$. Hence, these proof-terms are strongly terminating. Let $n$, $n'$ and $n''$ be the maximum lengths of reduction sequences issued from these proof-terms. We prove by induction on $n + n' + n''$ that $\delta(\sigma\theta\rho_1, \xi\sigma\theta\rho_2, \chi\sigma\theta\rho_3)$ is in $|A|_\phi$. Since this proof-term is an elimination we only need to prove that each of its one-step reducts is in $|A|_\phi$. If the reduction takes place in $\sigma\theta\rho_1$, $\sigma\theta\rho_2$ or $\sigma\theta\rho_3$ then we apply the induction hypothesis. Otherwise, $\sigma\theta\rho_1$ has the form $i(\rho')$ (resp. $j(\rho')$) and the reduct is $(\rho'/\xi)\sigma\theta\rho_2$ (resp. $(\rho'/\chi)\sigma\theta\rho_3$). By the definition of $|B \vee C|_\phi$ the proof-term $\rho'$ is in $|B|_\phi$ (resp. $|C|_\phi$). Hence by induction hypothesis $((\rho'/\xi) \circ \sigma)\theta\rho_2$ (resp. $((\rho'/\chi) \circ \sigma)\theta\rho_3$) is in $|A|_\phi$.

Hence, the proof-term $\sigma\theta\delta(\rho_1, \xi\rho_2, \chi\rho_3)$ is an element of $|A|_\phi$.

• $\Rightarrow$-elim. The proof-term $\pi$ has the form $(\rho_1\ \rho_2)$ and $\rho_1$ is a proof of some proposition $B \Rightarrow A$ and $\rho_2$ a proof of the proposition $B$. We have $\sigma\theta\pi = (\sigma\theta\rho_1\ \sigma\theta\rho_2)$. By induction hypothesis $\sigma\theta\rho_1$ and $\sigma\theta\rho_2$ are in the sets $|B \Rightarrow A|_\phi$ and $|B|_\phi$. Hence these proof-terms are strongly terminating. Let $n$ be the maximum length of a reduction sequence issued from $\sigma\theta\rho_1$ and $n'$ the maximum length of a reduction sequence issued from $\sigma\theta\rho_2$. We prove by induction on $n + n'$ that $(\sigma\theta\rho_1\ \sigma\theta\rho_2)$ is in the set $|A|_\phi$. Since this proof-term is an elimination we only need to prove that each of its one-step reducts is in $|A|_\phi$. If the reduction takes place in $\sigma\theta\rho_1$ or in $\sigma\theta\rho_2$ then we apply the induction hypothesis. Otherwise $\sigma\theta\rho_1$ has the form $\xi \mapsto \rho'$ and the reduct is $(\sigma\theta\rho_2/\xi)\rho'$. By the definition of $|B \Rightarrow A|_\phi$ this proof-term is in $|A|_\phi$.

Hence, the proof-term $\sigma\theta(\rho_1\ \rho_2)$ is an element of $|A|_\phi$.

• $\forall$-elim. The proof-term $\pi$ has the form $(\rho\ t)$ where $\rho$ is a proof of some proposition $\forall x\, B$ and $A = (t/x)B$. We have $\sigma\theta\pi = (\sigma\theta\rho\ \theta t)$. By induction hypothesis, the proof-term $\sigma\theta\rho$ is in $|\forall x\, B|_\phi$. Hence, it is strongly terminating. Let $n$ be the maximum length of a reduction sequence issued from this proof-term. We prove by induction on $n$ that $(\sigma\theta\rho\ \theta t)$ is in the set $|A|_\phi$. As this proof-term is an elimination, we only need to prove that each of its one-step reducts is in $|A|_\phi$. If the reduction takes place in $\sigma\theta\rho$ then we apply the induction hypothesis. Otherwise $\sigma\theta\rho$ has the form $x \mapsto \rho'$ and the reduct is $(\theta t/x)\rho'$. By the definition of $|\forall x\, B|_\phi$ this proof-term is in $|B|_{\phi + \langle x, E\rangle}$ for all $E$. Thus, it is in

$$|B|_{\phi + \langle x, |t|_\phi\rangle} = |A|_\phi$$

Hence, the proof-term $\sigma\theta(\rho\ t)$ is an element of $|A|_\phi$.

• $\exists$-elim. The proof-term $\pi$ has the form $\delta_\exists(\rho_1, x\xi\rho_2)$ where $\rho_1$ is a proof of some proposition $\exists x\, B$ and $\rho_2$ is a proof of $A$. We have $\sigma\theta\pi = \delta_\exists(\sigma\theta\rho_1, x\xi\sigma\theta\rho_2)$. By induction hypothesis, the proof-term $\sigma\theta\rho_1$ is in the set $|\exists x\, B|_\phi$ and the proof-term $\sigma\theta\rho_2$ is in the set $|A|_\phi$. Hence, these proof-terms are strongly terminating. Let $n$ and $n'$ be the maximum lengths of reduction sequences issued from these proof-terms. We prove by induction on $n + n'$ that $\delta_\exists(\sigma\theta\rho_1, x\xi\sigma\theta\rho_2)$ is in $|A|_\phi$. As this proof-term is an elimination, we only need to prove that each of its one-step reducts is in $|A|_\phi$. If the reduction takes place in $\sigma\theta\rho_1$ or $\sigma\theta\rho_2$ then we apply the induction hypothesis. Otherwise, $\sigma\theta\rho_1$ has the form $(t, \rho')$ and the reduct is $(\rho'/\xi)(t/x)\sigma\theta\rho_2 = ((\rho'/\xi) \circ (t/x)\sigma)((t/x) \circ \theta)\rho_2$. By the definition of $|\exists x\, B|_\phi$, there exists an element $E$ of $\mathcal{M}_T$ such that the proof-term $\rho'$ is in $|B|_{\phi + \langle x, E\rangle}$. Thus, by induction hypothesis, the proof-term $((\rho'/\xi) \circ (t/x)\sigma)((t/x) \circ \theta)\rho_2$ is in $|A|_{\phi + \langle x, E\rangle}$, i.e. in $|A|_\phi$.

Hence, the proof-term $\sigma\theta\delta_\exists(\rho_1, x\xi\rho_2)$ is an element of $|A|_\phi$.



5.6 Pre-model construction 
5.6.1 The term case 

Proposition 5.6.1 If a congruence is defined by a rewrite system or a set of equalities on terms, but not on propositions, then it has a pre-model and hence proof reduction terminates modulo this congruence.

Proof. We associate the set of strongly terminating proof-terms to all atomic propositions.

Corollary 5.6.2 All equational theories are consistent, have the disjunction 
property and the witness property. 
5.6.2 Quantifier free rewrite systems

Definition 5.6.1 (Predicativity) A rewrite system is predicative if no quantifier appears on the right hand side of any of its rules.

Proposition 5.6.3 A predicative, confluent, and terminating rewrite system has a pre-model, hence proof reduction terminates modulo such a rewrite system.

Proof. By induction over proposition height, we associate a set of proof-terms to each normal closed quantifier free proposition.



$$\begin{array}{lcl}
\Psi(A) & = & \{\pi \mid \pi \text{ st. ter.}\} \quad \text{if } A \text{ is atomic}\\
\Psi(\top) & = & \{\pi \mid \pi \text{ st. ter.}\}\\
\Psi(\bot) & = & \{\pi \mid \pi \text{ st. ter.}\}\\
\Psi(A \wedge B) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow (\pi_1, \pi_2) \Rightarrow \pi_1 \in \Psi(A) \wedge \pi_2 \in \Psi(B)\}\\
\Psi(A \vee B) & = & \{\pi \mid \pi \text{ st. ter.} \wedge (\pi \rightarrow i(\pi_1) \Rightarrow \pi_1 \in \Psi(A)) \wedge (\pi \rightarrow j(\pi_2) \Rightarrow \pi_2 \in \Psi(B))\}\\
\Psi(A \Rightarrow B) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow \xi \mapsto \pi_1 \Rightarrow \forall \pi' \in \Psi(A)\ (\pi'/\xi)\pi_1 \in \Psi(B)\}
\end{array}$$



We define a pre-model as follows. Let $\mathcal{M}_T$ be the set of normal closed terms of sort $T$.

$$\hat{f}(t_1, \ldots, t_n) = f(t_1, \ldots, t_n){\downarrow}$$

$$\hat{P}(t_1, \ldots, t_n) = \Psi((P(t_1, \ldots, t_n)){\downarrow})$$

where $A{\downarrow}$ (resp. $t{\downarrow}$) is the normal form of the proposition $A$ (resp. term $t$). We prove, by an easy induction, that $|A|_\phi = |B|_\phi$ when $A \equiv B$.



5.6.3 Positive rewrite systems 

For some rewrite systems, pre-models can be built by a fixed point construction. 

Definition 5.6.2 A rewrite system is positive if it rewrites atomic propositions 
to propositions containing only positive occurrences of atomic propositions. 

Definition 5.6.3 A pre-model is syntactical if

• $\mathcal{M}_T = \mathcal{T}_T/\!\equiv$ where $\mathcal{T}_T$ is the set of closed terms of sort $T$,

• if $f$ is a function symbol, $\hat{f}$ is the function that maps the classes $e_1, \ldots, e_n$ to the class of the term $f(t_1, \ldots, t_n)$ where $t_1, \ldots, t_n$ are elements of $e_1, \ldots, e_n$ (since the relation $\equiv$ is a congruence, this does not depend on the choice of representatives).

A syntactical pre-model is defined solely by the interpretation of predicate symbols.

Definition 5.6.4 Let $\mathcal{M}_1$ and $\mathcal{M}_2$ be two syntactical pre-models. We write $\hat{P}_1$ for the denotation of $P$ in $\mathcal{M}_1$ and $\hat{P}_2$ for the denotation of $P$ in $\mathcal{M}_2$.

We say that $\mathcal{M}_1 \leq \mathcal{M}_2$ if and only if for any predicate symbol $P$ and closed terms $t_1, \ldots, t_n$ we have

$$\hat{P}_1(t_1, \ldots, t_n) \subseteq \hat{P}_2(t_1, \ldots, t_n)$$
The set of syntactical pre-models is a complete lattice for the order $\leq$.

Proposition 5.6.4 Let $\mathcal{R}$ be a confluent and terminating rewrite system. If the system $\mathcal{R}$ is positive then it has a pre-model, hence proof reduction terminates modulo $\mathcal{R}$.

Proof. Let $F$ be the function mapping syntactical pre-models to syntactical pre-models defined by

$$F(\mathcal{M})(P)(t_1, \ldots, t_n) = |P(t_1, \ldots, t_n){\downarrow}|_{\mathcal{M}, \emptyset}$$

As the system $\mathcal{R}$ is positive the function $F$ is monotone. Hence, as the set of syntactical pre-models is a complete lattice, it has a fixed point. This fixed point is a pre-model of the rewrite system.

Proposition 5.6.5 Let $\mathcal{R}$ be a rewrite system such that any atomic proposition has at most one one-step reduct. If the system $\mathcal{R}$ is positive then it has a pre-model, hence proof reduction terminates modulo $\mathcal{R}$.

Proof. Let $F$ be the function mapping syntactical pre-models to syntactical pre-models defined by

$$F(\mathcal{M})(P)(t_1, \ldots, t_n) = |P(t_1, \ldots, t_n)^+|_{\mathcal{M}, \emptyset}$$

where $A^+$ is the unique one-step reduct of $A$ if it exists and $A$ otherwise. Again, since the system $\mathcal{R}$ is positive the function $F$ is monotone and again, since the set of syntactical pre-models is a complete lattice, it has a fixed point. This fixed point is a pre-model of the rewrite system.
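As an added worked example, not from the original notes, of why positivity is what makes $F$ monotone, take a language with two proposition symbols $P$ and $Q$ (predicate symbols of arity $0$) and consider two single-rule systems in the setting of Proposition 5.6.5, where $F(\mathcal{M})(P) = |P^+|_{\mathcal{M}}$ and $F(\mathcal{M})(Q) = |Q|_{\mathcal{M}} = \hat{Q}_{\mathcal{M}}$ since $Q$ has no reduct. A syntactical pre-model is then determined by the two candidates $\hat{P}_{\mathcal{M}}$ and $\hat{Q}_{\mathcal{M}}$, and $\mathcal{M} \leq \mathcal{M}'$ means $\hat{P}_{\mathcal{M}} \subseteq \hat{P}_{\mathcal{M}'}$ and $\hat{Q}_{\mathcal{M}} \subseteq \hat{Q}_{\mathcal{M}'}$.

First the positive rule $P \longrightarrow P \wedge Q$ ($P$ occurs positively in the right-hand side). Unfolding the definition of $|\cdot|$ gives

$$F(\mathcal{M})(P) = |P \wedge Q|_{\mathcal{M}} = \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow (\pi_1, \pi_2) \Rightarrow \pi_1 \in \hat{P}_{\mathcal{M}} \wedge \pi_2 \in \hat{Q}_{\mathcal{M}}\}$$

If $\mathcal{M} \leq \mathcal{M}'$, every $\pi$ meeting the condition for $\mathcal{M}$ also meets it for $\mathcal{M}'$, because the condition only asks $\pi_1$ and $\pi_2$ to belong to sets that have grown. Hence $F(\mathcal{M}) \leq F(\mathcal{M}')$: $F$ is monotone and the fixed point exists, as the proposition states.

Now the rule $P \longrightarrow (P \Rightarrow \bot)$, which is not positive since $P$ occurs on the left of an implication in the right-hand side. Here

$$F(\mathcal{M})(P) = |P \Rightarrow \bot|_{\mathcal{M}} = \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow \xi \mapsto \pi_1 \Rightarrow \forall \pi' \in \hat{P}_{\mathcal{M}}\ (\pi'/\xi)\pi_1 \in |\bot|_{\mathcal{M}}\}$$

If $\hat{P}_{\mathcal{M}} \subseteq \hat{P}_{\mathcal{M}'}$, the universal condition over $\hat{P}_{\mathcal{M}'}$ is stronger than the one over $\hat{P}_{\mathcal{M}}$, so $F(\mathcal{M}')(P) \subseteq F(\mathcal{M})(P)$: the map is antitone and the fixed-point argument does not apply. In fact no pre-model of this congruence exists at all, since by Proposition 5.5.3 one would give termination, whereas with $\omega = \xi \mapsto (\xi\ \xi)$ and $P \equiv P \Rightarrow \bot$ we can build a proof of $\bot$ that reduces to itself:

$$\frac{\xi : P \vdash_\equiv \xi : P \Rightarrow \bot \qquad \xi : P \vdash_\equiv \xi : P}{\xi : P \vdash_\equiv (\xi\ \xi) : \bot}
\qquad
\frac{\vdash_\equiv \omega : P \Rightarrow \bot \qquad \vdash_\equiv \omega : P}{\vdash_\equiv (\omega\ \omega) : \bot}$$

$$(\omega\ \omega) \rightarrow^1 (\omega/\xi)(\xi\ \xi) = (\omega\ \omega)$$

The two axiom instances $\xi : P \vdash_\equiv \xi : P \Rightarrow \bot$ and $\vdash_\equiv \omega : P$ are exactly where the congruence $P \equiv P \Rightarrow \bot$ is used, which is what the positivity condition prevents.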

5.6.4 Type theory and type theory with infinity 

Proposition 5.6.6 (Girard's theorem) Simple type theory has a pre-model, hence proof reduction terminates in simple type theory.

Proof. We construct a pre-model as follows. The essential point is that we anticipate the fact that objects of sort $o$ actually represent propositions, by interpreting them as reducibility candidates.

$$\begin{array}{lcl}
\mathcal{M}_\iota & = & \{0\}\\
\mathcal{M}_o & = & \mathcal{C}\\
\mathcal{M}_{T \rightarrow U} & = & \mathcal{M}_U^{\mathcal{M}_T}\\
\hat{S}_{T,U,V} & = & a \mapsto (b \mapsto (c \mapsto a(c)(b(c))))\\
\hat{K}_{T,U} & = & a \mapsto (b \mapsto a)\\
\hat{\alpha}(a, b) & = & a(b)\\
\hat{\varepsilon}(a) & = & a\\
\hat{\top} & = & \{\pi \mid \pi \text{ st. ter.}\}\\
\hat{\bot} & = & \{\pi \mid \pi \text{ st. ter.}\}\\
\hat{\wedge}(a, b) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow (\pi_1, \pi_2) \Rightarrow \pi_1 \in a \wedge \pi_2 \in b\}\\
\hat{\vee}(a, b) & = & \{\pi \mid \pi \text{ st. ter.} \wedge (\pi \rightarrow i(\pi_1) \Rightarrow \pi_1 \in a) \wedge (\pi \rightarrow j(\pi_2) \Rightarrow \pi_2 \in b)\}\\
\hat{\Rightarrow}(a, b) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow \xi \mapsto \pi_1 \Rightarrow \forall \pi' \in a\ (\pi'/\xi)\pi_1 \in b\}\\
\hat{\forall}_T(a) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow x \mapsto \pi_1 \Rightarrow \forall t \text{ of type } T\ \forall E \in \mathcal{M}_T\ (t/x)\pi_1 \in a(E)\}\\
\hat{\exists}_T(a) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow (t, \pi_2) \Rightarrow \exists E \in \mathcal{M}_T\ \pi_2 \in a(E)\}
\end{array}$$

It is easy to check that $|A|_\phi = |B|_\phi$ when $A \equiv B$.

Proposition 5.6.7 Simple type theory with infinity has a pre-model, hence proof reduction terminates in simple type theory with infinity.

Proof.

$$\begin{array}{lcl}
\mathcal{M}_\iota & = & \mathbb{N}\\
\mathcal{M}_o & = & \mathcal{C}\\
\mathcal{M}_{T \rightarrow U} & = & \mathcal{M}_U^{\mathcal{M}_T}\\
\hat{0} & = & 0\\
\hat{Su} & = & n \mapsto n + 1\\
\hat{Pred} & = & n \mapsto \text{if } n = 0 \text{ then } 0 \text{ else } n - 1\\
\hat{Null} & = & n \mapsto \{\pi \mid \pi \text{ st. ter.}\}\\
\hat{S}_{T,U,V} & = & a \mapsto (b \mapsto (c \mapsto a(c)(b(c))))\\
\hat{K}_{T,U} & = & a \mapsto (b \mapsto a)\\
\hat{\alpha}(a, b) & = & a(b)\\
\hat{\varepsilon}(a) & = & a\\
\hat{\top} & = & \{\pi \mid \pi \text{ st. ter.}\}\\
\hat{\bot} & = & \{\pi \mid \pi \text{ st. ter.}\}\\
\hat{\wedge}(a, b) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow (\pi_1, \pi_2) \Rightarrow \pi_1 \in a \wedge \pi_2 \in b\}\\
\hat{\vee}(a, b) & = & \{\pi \mid \pi \text{ st. ter.} \wedge (\pi \rightarrow i(\pi_1) \Rightarrow \pi_1 \in a) \wedge (\pi \rightarrow j(\pi_2) \Rightarrow \pi_2 \in b)\}\\
\hat{\Rightarrow}(a, b) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow \xi \mapsto \pi_1 \Rightarrow \forall \pi' \in a\ (\pi'/\xi)\pi_1 \in b\}\\
\hat{\forall}_T(a) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow x \mapsto \pi_1 \Rightarrow \forall t \text{ of type } T\ \forall E \in \mathcal{M}_T\ (t/x)\pi_1 \in a(E)\}\\
\hat{\exists}_T(a) & = & \{\pi \mid \pi \text{ st. ter.} \wedge \pi \rightarrow (t, \pi_2) \Rightarrow \exists E \in \mathcal{M}_T\ \pi_2 \in a(E)\}
\end{array}$$

It is easy to check that $|A|_\phi = |B|_\phi$ when $A \equiv B$.

Remark. In the pre-model above $\top$ and $\bot$ are interpreted by the same reducibility candidate (while in a model they are interpreted by different truth values), hence the interpretation of $Null$ is simply the constant function equal to this candidate. Thus it is not necessary to interpret the type $\iota$ as $\mathbb{N}$ and we could also take $\mathcal{M}_\iota = \{0\}$.



